Internet Safety

“Phishing Scams” and How to Avoid Them

Gatlin Grimm

A “Phishing Scam” is defined by the Federal Trade Commission as: “a type of online scam that targets consumers by sending them an email that appears to be from a well-known source.” In 2022, 3.4 BILLION phishing emails were sent DAILY all around the world in an attempt to obtain personal information from complete strangers for monetary gain. These emails can show up in the most usual settings: an email that appears to be from Amazon regarding a declined payment method, an email disguising itself as a message from your bank branch asking you to confirm your username and password, or even something as diabolical as a message posing as a loved one asking for financial help due to an emergency. While these scams might catch the untrained eye off guard, there are ways to stop them in their tracks and protect your identity, your assets, and most importantly, your privacy.

With the advancement of technology, the use of that technology for criminal gains has also advanced. A popular tool in any “phishing” email is the use of “links” (clickable website names that send you to another website) that direct you to a website that, at first glance, might seem familiar to you. Despite the outward appearance, it is actually the scammer’s own website, designed to get you to input personal information, bank information, and even Social Security numbers.

How to Spot a “Phishing Attempt”

With regard to “phishing,” the most common and most effective tool in any scammer’s belt is to create a sense of urgency in whomever they are attempting to scam. Tricking you into not thinking clearly and reacting solely on emotion is the best way for an internet scam to obtain your information. Imagine: You are enjoying a nice morning coffee with your family, chatting about the goings-on of your week, discussing the most recent church sermon, when you get a notification on your phone about an email you just received. The subject reads:

Chase Bank Attention Required

Your heart jumps into your throat. “Did I forget to pay my credit card bill? Is there something wrong with my mortgage?” You start to half listen to the conversation around you and open the email itself. It reads:

Chase Bank Account Alert

Account Balance Critical. Fraud Suspected.

Click the link below to confirm your identity.

Chase Bank Fraud Department

You click the link. It takes you to a website that you feel looks familiar. It asks you for your username and password. You nonchalantly take out your pocketbook where you keep your usernames and passwords, plug in the information, and BAM, your bank account information, username, and password are in the hands of someone you have never laid eyes on before. Someone who could be half a world away has access to every cent you have made. That is how easy it is to get ahold of your information in the 21st century. By using your emotions, these people were able to make you believe something when, in reality, there wasn’t any fraud and your bank account was just as you left it.

When receiving any unsolicited email, even from companies that you do business with, do your due diligence and ask yourself the following questions:

  1. Was I expecting any correspondence from this company? (Did I order something recently? What has my account activity been lately?)
  2. Does the email trigger an emotional response? (“URGENT!” “ACCOUNT DEACTIVATION IN PROGRESS!” “FRAUD DETECTED, PLEASE ADVISE!” “PHONE LOCKOUT TIMER STARTED!”)
  3. Are they trying to get me to click on something? (“Click here to see what you’ve won!” “Single Women Want to Talk to You Now! Click Here to Start Chatting!” “Click Here to Claim Your $50 Home Depot Gift Card!”)
  4. Are they trying to get me to give them any of my personal information? (“Enter your address below to get pre-approved for a reverse mortgage!” “Enter your phone number below to be removed from all spam-call lists!” “Your email was found in a data breach, enter it below to check to see if you were affected!”)

If you ask yourself the questions above, you can avoid the majority of phishing attempts thrown your way! However, as stated above, these scams are getting more and more sophisticated with time, so additional measures should be taken to ensure that your personal information is safe and secure.

Deceitful “Links”

“Link” is short for “Hyperlink,” which is how many people across the world navigate the internet. A link is generally a URL (uniform resource locator), which is the address of a website or file on the internet. Simply typing “www.amazon.com” into your browser will give you access to millions of items to buy at the click of a button. However, links can also be used to disguise the true destination you will be taken to when you click them. Just because a link says “Click here to be directed to Chase Bank’s Fraud Department” doesn’t necessarily mean that you will truly be sent there. In the last couple of decades, scammers have become crueler and smarter. The example provided below looks like any other email you might receive from Chase Bank. However, this email is a perfect example of how creative designs and professional wording can lull you into going anywhere the scammer wants you to go:

In this example, all of the underlined blue words are links that you are able to click. These links are named using terms that you might be familiar with if you utilize online banking. However, if you were to click on these links and provide them the information they are asking for, you might have just given them access to all of your money and potentially any other identifying information located in your bank account.

If you receive an email like this, DO NOT CLICK ANYTHING! If you are truly concerned about your banking information and the message that was displayed in an email, always contact your bank via telephone FIRST to confirm any changes that were made on your account. Never enter your banking information anywhere other than the true Chase Bank website.

The image above is another great example of a phishing attempt. By telling you that it double charged you for a recent order, and let’s face it, most of us have ordered something from Amazon in the last 14 days, this would be information that would trigger an emotional response. “Why did they double charge me? I have rent to pay, if they charge me again I won’t be able to make it this month!” And without thinking you might click on the link asking you to “Update Your Address” and just like that, they have your information and are able to use it in any way they see fit.

Camouflage Email Addresses

Another great step in preventing successful phishing scams from happening to you is being able to identify authentic company email addresses.

The above email is an example of an authentic email from Amazon Customer Service. Notice that the email address is from cs-reply@amazon.com and gives you the link to the actual Amazon customer service website.

The above image is an example of a phishing email pretending to be from Amazon. Notice that the email address in the red box starts off looking legitimate but ends in a series of random letters, whereas the legitimate email from Amazon ends in “@amazon.com.” But even this can be tricky to the untrained eye. Sometimes the email address might be spelled just a little wrong, like “amazon.support@aamazon.com”; even the inclusion of an extra “a” in the email address could spell disaster if you were to click on the link and provide them with any information.
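
The two checks described under “Deceitful Links” and “Camouflage Email Addresses” can also be done by a program. The following is an added example, not part of the original article: it compares a sender address and the real destination of every link against a short list of trusted domains. The trusted list, the sample message, and all function names are assumptions made up for this illustration.

```python
import difflib
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed allow-list: the real domains of companies the reader deals with.
TRUSTED = ("amazon.com", "chase.com")
# Constructed sample message (not a real email).
SAMPLE_SENDER = "amazon.support@aamazon.com"
SAMPLE_BODY = ('<a href="http://chase.secure-login.example/verify">Chase Bank Fraud Department</a> '
               '<a href="https://www.chase.com/">Contact us</a>')

def classify_domain(domain):
    """Return 'trusted', 'lookalike:<real domain>' or 'unknown'."""
    domain = domain.lower().rstrip(".")
    # The leading dot matters: "aamazon.com" must not pass as "amazon.com".
    if any(domain == t or domain.endswith("." + t) for t in TRUSTED):
        return "trusted"
    base = ".".join(domain.split(".")[-2:])  # rough guess at the registered domain
    for t in TRUSTED:
        close = difflib.SequenceMatcher(None, base, t).ratio() >= 0.85
        # Near-miss spelling, or the brand name placed inside someone else's domain.
        if close or t.split(".")[0] in domain:
            return "lookalike:" + t
    return "unknown"

class LinkCollector(HTMLParser):
    """Collects (visible text, real destination) for every <a> tag."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def check_email(sender, html_body):
    """Return (label, real domain, verdict) for the sender and each link that is not trusted."""
    collector = LinkCollector()
    collector.feed(html_body)
    items = [("sender", sender.rsplit("@", 1)[-1])]
    items += [(text, urlparse(href).hostname or "") for text, href in collector.links]
    return [(label, host, classify_domain(host)) for label, host in items
            if classify_domain(host) != "trusted"]
```

Calling check_email(SAMPLE_SENDER, SAMPLE_BODY) reports the misspelled sender and the “Chase Bank Fraud Department” link, while the link that truly goes to www.chase.com is not reported.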

In 2022, phishing attacks increased by 61% compared to 2021. This is most likely due to the number of people who are now doing most of their personal business and recreation online. According to KnowBe4’s blog, an estimated $17,700 is lost every minute due to phishing, and globally, $1.5 trillion in lost revenue can be attributed to cyber crime in general. This and more is why you should be wary the next time you receive a familiar-looking email. You never know who could be lurking behind it.