How to recognize and avoid phishing scams
I’m sure many of you have heard the term phishing, but you may not know exactly what it means. Phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords, and credit card details by disguising oneself as a trustworthy entity in a text or a phone call or email.
If you use the internet or a mobile phone regularly, you’ve probably received a call, text, or email from a phishing scammer — in fact I’m sure most people have received numerous unwanted phishing messages.
How to recognize a phishing message
Phishing messages often disguise themselves as a company that you recognize and trust, such as your bank, your credit card company, or another service you use. Often these messages will include some sort of vague reasoning as to why they need to collect information from you like:
- They need to verify your email;
- They’ve noticed an issue with your payment and need you to verify your credit card details;
- You are required to verify some sort of personal information;
- They are offering you a refund or coupon for their services.
Messages from scammers will often not be very detailed and will require you to perform some sort of action “quickly” or “immediately” to resolve a concern with your account.
What to do if you suspect phishing
Think critically before responding to these types of messages or calls. Any time you receive a message from a company that is asking for information or requesting you click on a link, first consider whether you have an account with this service provider.
For example: I received a text once claiming to be from Microsoft saying I needed to verify my account with them by clicking a link. First, why would Microsoft be sending me a text to verify an account? That alone seemed a bit fishy (and phishy). And then I realized, I don’t even have a Microsoft account! Definitely a phishing attempt. Delete.
Scammers will bulk-send one generic message to a bunch of numbers or emails in the hopes that at least some of the recipients will fall for their trap. They don’t know for sure if everyone receiving the message even uses the service that they’re disguising themselves as. This is the easiest way to avoid a phishing scam: know what services you use and ignore any messages from businesses that you do not subscribe to.
Now let’s say I actually had an account with Microsoft and the message seemed legitimate. How can I make sure I’m not ignoring an important notice about my account? Here are some options:
- Check the email address the message was sent from. If the email doesn’t come from the company’s official domain name or seems phishy, it’s probably a fake.
- Call the company that has contacted you but use a number or email address that you know belongs to them. Don’t trust the contact information provided in the message you received, look up their contact information on an official website and call their verified customer support team. They could confirm if they sent a notice about your account.
- Check the account in question directly for any notifications or warnings. Some phishing scams may say that your account is suspended until you verify your information, but if you’re able to login to that account and you don’t receive any notice once actually logged in, you can be confident that the message you received was a fake.
- Copy and paste the message you got to Google or type it out if you received a call. Often other people who received similar messages will recognize their fraudulence and post online to warn future targets of the phishing attempt.