Hackers are not only getting smarter and more sophisticated, but they’re also troublingly persistent. Nearly 100,000 phishing attempts are made on a monthly basis around the world, and they’re a far cry from your standard “foreign prince” scam. These cyber attacks are designed to trick people into willingly handing over their money, passwords, or other personal information, and a lot of times, it works. Here are seven examples of common phishing scams with tips on how to spot them, presented by Mental Floss and Discover.
1. Be wary of emails asking you to click a link to confirm or update sensitive details.
Let’s say you get an email asking you to click a link to verify your email address. Should you click it? It could be an attempt to direct you to a fake (but convincing) web page, where you might be duped into entering your username and password. The same scenario can apply to streaming services, digital news subscriptions, and other services asking you to update your payment details. Instead of clicking, open a fresh tab and call up the website on your own. You can also check the link in the email for typos, which are a sure sign that it’s not a legitimate site. It’s also worth getting a credit card that helps you to protect your identity: Discover will monitor thousands of suspicious websites for your social security number and alert you to any newly opened accounts on your Experian® credit report after you sign up for the alerts. Learn more at Discover.
2. Don’t fall for pop-ups asking you to verify account information.
Pop-up ads may ask you to call a phone number to verify your account information, fix a bug, or carry out some other “tech support” task. Some may even be disguised to look like your internet service provider. As a general rule, it’s an immediate red flag when a pop-up ad asks for sensitive personal information. Legitimate security warnings would never ask you to call a phone number, so be sure to close out of the message without clicking on anything else. You can also enable pop-up blockers to protect you from some of these attacks.
3. Even if an email looks like it was sent by someone you know, double check the sender’s address for typos.
One particularly devious scam is called “spear phishing,” and it describes an email that has been engineered to look like it came from your company or another trusted organization. If a hacker has done their research, it might even appear as if it were sent by your boss or one of your coworkers. Unlike mass-produced emails, these are targeted attacks—which means they can be easier to fall for. Before opening any links or attachments, double check that the sender’s address is legitimate. In some cases, a hacker might buy a domain that looks like your company name at first glance, except the “m” has been swapped for an “n,” for example.
4. Be careful when logging into your email.
If you’re going about your business and you get a seemingly legitimate message asking you to log into your email account or file storage service, proceed with caution—especially if you know you’ve already logged in to your account. This could be a phishing scam designed to gain access to your log-in details.
5. Watch out for “cloned” emails.
If you get what appears to be the same email twice, one of them might be a phishing attempt. Hackers can take a legitimate email you’ve already received and duplicate it, throwing in a malicious link or attachment for good measure. If the sender claims that the email had to be updated or resent for any reason, this could be a sign that it’s a phishing attempt. Double check the sender’s address to see if it differs from the other email you received, and hover over any links to check the landing page before clicking on them.
6. Don’t trust “copyright notices” on social media.
One of the latest phishing campaigns is taking place not through email, but on social media sites. Some users have gotten messages telling them they’ve violated copyright laws and that their account will be deleted within 24 hours unless they click a link to verify their account. This, of course, is not a legitimate request. Instead, users will be directed to enter their account details as well as their email log-in.
7. Enable two-factor authentication.
As a preventative measure, it can be helpful to activate two-factor authentication for any accounts containing sensitive information, like bank accounts and credit cards. It’s essentially a two-step process that asks for another key piece of information (like a code sent to your phone) after you enter your password. That way, even if a hacker gains access to your password, your account might still be safe. It won’t protect you against all types of phishing, but it’s an additional safeguard that’s nice to have.
Knowledge is power in the fight against hackers, and Discover is on the front lines for their cardmembers. They’ll monitor thousands of Dark Web sites and alert you if they find your social security number and new accounts appear on your Experian credit report. The service is free for cardmembers who sign up and is a good first step to putting you in the know. Terms apply. Learn more at Discover.com.