How to Spot a Phishing Scam

In this article, I've summarised 28 straightforward tips and examples to keep you safe from phishing.

28 Tips & Examples Everyone Should Know

Introduction:

Ever felt like the Internet is out to get you? You're not alone.

We've all been there – second-guessing emails or messages that look dodgy.

You know, the ones telling you that you've won a prize or need to update your info right away.

It's stressful, and let's face it, a bit scary.

The good news? You don't have to be a tech genius to outsmart these scammers.

In this article, I've summarised a few straightforward tips to keep you safe from phishing.

Stick around, and by the end of the article, you'll be able to spot a phishing scam from a mile away, or 1.6 kilometres away if you're in Europe 😏

We've all heard the term, but what exactly is phishing?

In very simple terms:

Phishing involves various scam techniques, where criminals try to steal personal information like usernames, passwords, cryptocurrency or credit card numbers by pretending to be a trusted company or person. They will use fake emails, instant messages, or websites to trick you.

Spotting the Red Flags of Phishing

Don’t Fall for Urgency or Too-Good-to-Be-True Offers

First up, let's talk about those emails that scream "Urgent!" or promise you something amazing.

Scammers love to make you panic so you act without thinking.

Example:

An email from "Your Bank" asking you to update your password, saying your account will be locked in 24 hours.

Or, the classic "You've won a £100,000 lottery!" (FYI, you can't win a lottery you never entered).

Tip:

Take a deep breath. Think. Would your bank actually send you an email like this? Probably not.

Call your bank using the number on their official website, not the one in the email.

Check the Sender's Email Address

Sometimes, the email address can give away a phishing scam.

Example:

You receive an email from PayPal but the sender's address is something like “support@paypal.scam.com”.

Looks dodgy, right? That's because it is.

Tip:

Always check the sender's email address. If it doesn’t match, don't click any links.

Scammers can make fake links look very convincing. Fortunately, there’s an easy way to check without clicking.

Example:

An email from “Amazon” includes a link that says “Verify Your Account.”

When you hover over it, you see that the link points to something like “verify-com.net” instead of “amazon.com.”

Tip:

Always hover your mouse over the link to see the actual URL. If it doesn’t match the official site, don’t click it.
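For readers who handle reported emails, here is the same sender and link check done in code. This is an added example, not part of the original article; the sample message is constructed from the example values above, and the function names are made up for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

def belongs_to(host, official_domain):
    """True only if host IS the official domain or a real subdomain of it."""
    host = host.lower().rstrip(".")
    official = official_domain.lower()
    # "paypal.scam.com" contains "paypal" but ends in scam.com, so it fails.
    return host == official or host.endswith("." + official)

class LinkCollector(HTMLParser):
    """Collects (visible text, real target host) for every <a href=...>."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            host = urlsplit(self._href).hostname or ""
            self.links.append(("".join(self._text).strip(), host))
            self._href = None

def red_flags(raw_email, official_domain):
    """Return a list of reasons the message does not match official_domain."""
    msg = message_from_string(raw_email)
    flags = []
    _, addr = parseaddr(msg.get("From", ""))
    sender_host = addr.rpartition("@")[2]
    if not belongs_to(sender_host, official_domain):
        flags.append(f"sender domain {sender_host!r} is not {official_domain}")
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for text, host in collector.links:
        if not belongs_to(host, official_domain):
            flags.append(f"link {text!r} really points to {host!r}")
    return flags

# Constructed sample message (not a real email).
SAMPLE = """From: PayPal Support <support@paypal.scam.com>
Subject: Verify Your Account
Content-Type: text/html

<p><a href="https://verify-com.net/login">Verify Your Account</a></p>
"""
print(red_flags(SAMPLE, "paypal.com"))
```

An empty result only means nothing looked wrong: the From line of an email can be forged, so the other tips still apply.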

Even if they come from trusted contacts, never click on links in mobile messaging apps.

Scammers can hack your friends’ accounts and send you bad links.

Example:

Your mate John sends you a link on WhatsApp saying, "Hey, check this out!" It leads to a site asking for your bank info.

Tip:

Always ask your friend if they really sent you that link. Better to be safe than sorry.

Look Out for Poor Grammar and Spelling Mistakes

Alright, let’s get real. A lot of these phishing emails are written in a hurry or by folks who aren’t all that great with English.

Example:

You get an email that starts with “Dear Esteemed Customer” and then goes downhill from there with mistakes like “Please click here to verifiy your information.”

Tip:

Real companies invest in good writing. If an email looks like it’s been run through a bad translator, it’s probably a scam.

Notice Requests for Personal Information

Legitimate companies rarely ask for sensitive information through email.

Example:

An email from “Apple” asks for your Apple ID password to update your account.

Apple would never ask for this kind of info via email.

Tip:

If an email asks for personal info, especially passwords or banking details, it’s a big red flag.

Avoiding Payment Fraud

Double Check Unusual Payment Requests

Scammers often ask for strange payments. And guess what?

They make it urgent.

Example:

An email from your boss asking you to buy £500 worth of gift cards and send the codes immediately.

Tip:

Give your boss a call to verify. A quick phone call can save you a lot of trouble.

Understand Deep Fakes

It is really easy nowadays to use AI to generate a realistic but fake video with anyone's voice and face.

Example:

Your CEO makes a video call to his bookkeeper, out of business hours, and asks them to make an urgent payment to a foreign company.

Tip:

Call another unrelated senior person in the company, such as the CISO or CFO, and discuss it with them.

Be Wary of Email Attachments

Attachments can be a sneaky way for scammers to get malware onto your device.

Example:

You receive an email with an attachment named “invoice.doc” from an unknown sender.

Tip:

Don’t open attachments from unknown sources. If it’s supposed to be from someone you know, confirm with them first.

Be Cautious with Online Payments

When making payments online, especially on unfamiliar websites, it's essential to be extra careful.

Example:

You find a fantastic deal on a gadget but it’s from a website you’ve never heard of.

Tip:

Check if the website address starts with "https://", which indicates a secure connection. Look for reviews of the website and make sure it’s reputable before entering your payment details.

Use Secure Payment Methods

Use secure payment methods like credit cards or services like PayPal that offer buyer protection.

Example:

You’re buying something on eBay and have the option to pay directly with your credit card or through PayPal.

Tip:

Choose PayPal because it offers dispute resolution and doesn't require you to share your credit card information directly with sellers.

Don’t Be Pressured by Urgency

Scammers use urgency to make you act fast. Slow down.

Think before you click.

Example:

An email claiming you need to pay a bill immediately or face legal action. It's designed to scare you into following the instructions.

Tip:

Investigate any unexpected requests. Contact the company using an official number or website.

Cross-Check with Official Sources

If you get an email that makes you uneasy, check with the company directly.

Example:

You receive an email from “Netflix” saying there’s a problem with your account and you need to resolve it immediately by clicking a link.

Tip:

Go to Netflix’s official website or use their official app to check your account. Don’t trust the email.

Authentication with Call-backs

If someone calls claiming to be from your bank and asks for sensitive information, tell them you’ll call back.

Example:

You get a call from someone claiming to be from your bank, asking you to confirm your account number and PIN.

Tip:

Hang up and call your bank using the number on their official website. This ensures you’re actually talking to the bank and not a scammer.

Make it a Habit to Check Your Online Transactions

Keeping an eye on your bank and credit card statements can help you spot fraudulent activity early.

Example:

You notice a small, unfamiliar charge on your credit card. Scammers often make small test charges before going for larger sums.

Tip:

Report any suspicious activity to your bank immediately. Set up alerts for any transactions over a certain limit to catch any fraud early.

Emotional Manipulation in Scams

Beware of Social Engineering

Scammers may try to manipulate you into giving away personal information through social interactions.

Example:

A friendly call from someone claiming to be from tech support, asking for login details.

Tip:

Always verify the identity of anyone requesting sensitive information, especially if the request is unsolicited.

They Play with Your Emotions

Scammers know how to tug at your heartstrings.

Whether it’s fear, greed or even kindness, they send messages designed to trigger your emotions.

Example:

A message from a “friend” in trouble asking for urgent financial help.

Tip:

Always double-check with the friend directly, maybe with a quick call or another form of contact.

Playing on Fear

Scammers love making you scared so you act quickly.

Example:

An email from “the police” claims there’s a warrant out for your arrest unless you pay a fine immediately.

Tip:

Authorities won't contact you this way. Always verify such claims through official channels.

Exploiting Trust and Kindness

Scammers often impersonate trusted friends or authorities to catch you off guard.

Example:

An email appears to be from your boss, asking for urgent help with a financial transfer.

Tip:

Verify by calling or messaging them directly using known contact details, not the ones provided in the email.

Capitalising on Greed

Scammers entice you with offers that seem too good to refuse.

Example:

Winning a lottery you never entered or getting an inheritance from a relative you never knew.

Tip:

If it sounds too good to be true, it likely is. Always double-check such claims.

Practical Steps to Protect Yourself

Be Wary of Public Wi-Fi

Public Wi-Fi can be convenient, but it’s also a playground for hackers.

Example:

You’re at a café using free Wi-Fi to make an online purchase.

Tip:

Avoid shopping or accessing sensitive information over public Wi-Fi. Use a VPN (Virtual Private Network) for a more secure connection when you must use public Wi-Fi.

Use Anti-Virus and Anti-Phishing Tools

Protective software can alert you to potential scams and phishing attempts.

Example:

A pop-up blocker warns you that the website you’re trying to visit is known for phishing.

Tip:

Invest in reliable anti-virus and anti-phishing software, and keep it updated for the best protection.

Use Strong, Unique Passwords

Yes, you've heard this one before, but it really matters.

Example:

Using "password123" for all your accounts is asking for trouble.

Tip:

Consider a password vault to help you generate and store strong, unique passwords for every account.

Keep Your Software Updated

Software updates can be a pain, but they're vital for your security.

Example:

Ignoring those annoying pop-ups telling you to install updates could leave you vulnerable.

Tip:

Set your devices to update automatically.

Enable Two-Factor Authentication

Two-factor authentication adds an extra layer of security, making it harder for scammers to get in.

Example:

After entering your password, you receive a code on your phone that you need to enter as well.

Tip:

Enable this feature on every account that supports it, especially for email and banking.

Staying One Step Ahead of Scammers

Back Up Your Data

Regularly backing up your data ensures you don’t lose everything if you get hit by malware.

Example:

Using cloud services or an external hard drive for regular backups.

Tip:

Protect your important files by keeping multiple backups in different places, ensuring that at least one recent backup is always offline.

Educate Yourself

Knowledge is your best defence. Staying informed can make all the difference.

Example:

Participating in training sessions provided by your company or online courses about cybersecurity.

Tip:

Consider signing up for workshops or webinars on online safety. The more you know, the safer you’ll be.

Educate Others

Sharing knowledge about phishing scams can help others stay safe.

Example:

Having a conversation with your family about the common signs of phishing and what to do if they receive suspicious messages.

Tip:

Encourage friends and family to take online security seriously and share these tips with them.

In Summary

By now, you should have a good understanding of how to spot phishing scams and some effective steps to take to protect yourself.

Let’s face it, the Internet can be a bit of a minefield. But with these tips, you’re not just another "phish" in the sea for scammers to catch. By staying alert, questioning anything that seems unusual, and taking simple precautions, you can outsmart even the sneakiest scammers out there.
