Phishing Scams: Watch Where You Click

Author: Nichlaus O.

November 9, 2021

The Federal Bureau of Investigation (FBI) estimates that $57 million is lost every year in the US due to phishing scams alone. Phishing is therefore among the top online threats. 

What is Phishing?

Phishing is a deceptive tactic used by scammers and hackers to gather your personal and financial information by mimicking a reputable company or person. It is commonly initiated through emails and text messages that contain links to malicious sites or carry attachments with hidden malware. Once you click on them, your account information and login credentials are stolen.

The scammers will then use your credentials to misuse your accounts or withdraw money from them. The ultimate goal of these scams is money, obtained using the data stolen through phishing.

Common Types of Phishing

Phishing is a broad term that encompasses a number of different attacks that scammers use to gain unauthorized access to accounts:

  • Spear Phishing: A highly targeted phishing attack that builds a fairly accurate social profile of the victim, then launches a personalized assault via email. Scammers may use your real name or job title to look legitimate and so avoid arousing suspicion. This way, you are highly likely to follow the links given and submit whatever credentials are asked for.

  • Whale Phishing: Targeting a ‘whale’ is the idea here. The ‘whale’ is a CEO or a top executive with high access/clearance in a company. Once the whale is compromised, the whole organization can be defrauded. A CEO may have access to some business bank accounts, and the credentials for accessing them may be found in their emails or computer folders.

  • Pharm Phishing: This attack is aimed at a strategic Domain Name System (DNS) server which, once compromised, can be made to re-route all connections of a particular kind to the scammer’s phishing website. A high number of potential victims can therefore be deceptively redirected to a malicious page.

  • Voice Phishing/Vishing: Here scammers record and mimic the voice of their target victim, then use it to gain access to the victim's sensitive data through scam calls.

  • SMS Phishing/Smishing: This is a phishing tactic that’s initiated through SMS. The scammers send you a clickable link via SMS that leads to a phishing website. 

5 Common Signs of a Phishing Scam

  • Misspelt or oddly worded URLs that mimic big brands and companies like PayPal, Amazon, Apple, Netflix, and Walmart. Such URLs characteristically deviate from the brand's conventional web address.

  • Corporate messages that originate from free email accounts, for example, an email pretending to be from PayPal that was sent from a free Gmail account. Authentic emails will originate from the website’s own domain, such as ‘[username]@paypal.com’.

  • A sense of urgency and fear to get you to click on a provided link that is already booby-trapped with malware.

  • Unprompted requests to confirm your email or password. Whenever you get any such email without actually trying to log in, you are being targeted for a phishing scam.

  • Promotional/Marketing email with an enticing message to get you to click on a link or open an attachment. Usually, there is the promise of free stuff, discounts, free coupons, or even money. 
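
The five signs above can be turned into a simple mail-triage check. The following is an added example, not part of the original article: the brand-to-domain mapping, free-mail list, keyword patterns, and sample message are assumptions constructed for illustration.

```python
import re
from email.utils import parseaddr
from urllib.parse import urlparse

# Brand names come from the article; domains and word lists are assumptions.
BRANDS = {"paypal": "paypal.com", "amazon": "amazon.com", "apple": "apple.com",
          "netflix": "netflix.com", "walmart": "walmart.com"}
FREE_MAIL = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}
URGENCY = re.compile(r"\b(urgent|immediately|suspended|within 24 hours)\b", re.I)
CRED = re.compile(r"\b(confirm|verify|reset)\b.{0,40}\b(password|email)\b", re.I)
LURE = re.compile(r"\b(free|discount|coupon|prize)\b", re.I)

def edit_distance(a, b):
    """Levenshtein distance, used to catch near-miss brand spellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_brand(host):
    """Return the brand a hostname imitates, or None if genuine or unrelated."""
    host = host.lower().rstrip(".")
    if any(host == d or host.endswith("." + d) for d in BRANDS.values()):
        return None  # the brand's own domain or a subdomain of it
    for label in re.split(r"[.-]", host):
        for brand in BRANDS:
            if brand in label or edit_distance(label, brand) == 1:
                return brand
    return None

def phishing_signs(sender, body):
    """Return which of the article's five signs a message shows."""
    name, addr = parseaddr(sender)
    domain = addr.rpartition("@")[2].lower()
    hosts = [urlparse(u).hostname or "" for u in re.findall(r"https?://[^\s\"'<>]+", body)]
    names_brand = any(b in name.lower() for b in BRANDS)
    checks = [("lookalike_url", any(lookalike_brand(h) for h in hosts)),
              ("free_mail_sender", domain in FREE_MAIL and names_brand),
              ("urgency", bool(URGENCY.search(body))),
              ("credential_request", bool(CRED.search(body))),  # "unprompted" is for the reader to judge
              ("promo_lure", bool(LURE.search(body)))]
    return [sign for sign, hit in checks if hit]

# Constructed sample message, not taken from a real campaign.
SAMPLE_FROM = '"PayPal Support" <paypal.support@gmail.com>'
SAMPLE_BODY = ("URGENT: your account is suspended. Confirm your password at "
               "http://paypa1-secure.example/login within 24 hours.")
```

Calling `phishing_signs(SAMPLE_FROM, SAMPLE_BODY)` flags four of the five signs; a single hit is a reason to look closer, not proof of phishing.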

Examples of Phishing Emails and Text Messages

Scammers do their research well. Their messages are designed to make you act on the information they feed you. Messages about a problem with an online account are the most common, as the examples below show:

  1. Your account has been hacked - follow this link to secure your account data.

  2. You need to reset your password or restore your account.

  3. Payment request, or claim a refund/reimbursement.

  4. Charity donation.

How to Protect Yourself From Phishing Emails and Texts

  1. Do not click on links in any suspicious email or download attachments regardless of the reason given. 

  2. Install reliable antivirus protection with malware detection. Go for one with web browser integration to flag new and upcoming phishing sites. 

  3. Set up and use your PC firewall security. Do the same for your home and work network. 

  4. Make use of the SPAM button in your email application. Mark as spam all emails that have the signs of phishing shown above. 

  5. Never follow links in emails to payment sites or your bank account. Instead, navigate manually on your web browser. Phishing sites mimic the real site to get you to give your login credentials. 

  6. Check a website's Trust Score on ScamAdviser.com before you buy.
