I’m not one to normally provide advice on online safety but I recently learned some very helpful tips from a friend that I thought are worth sharing. Phishing is one of the largest online threats on the Internet. For those of you that are not familiar with the term phishing, it’s basically when someone attempts to capture your sensitive information (usernames, passwords, bank or credit card information, etc.). The threat usually originates from an email. Let me show you an example.
Here is an email that I received which appears to be from Amazon (not shown in it’s entirety):
It appears to be an order confirmation that I would have actually received from Amazon if I had placed an order with them. It is the EXACT same template that Amazon themselves use.
The natural response of someone that is not too familiar with phishing scams is to click the link to see the order details. They may also be confused since they didn’t even place an order so are anxious to log in to see what it is all about.
Once they click the email link, they will be taken to a page that looks EXACTLY like Amazon.com. The only problem is, it’s not! It’s actually a site that is owned by the identity thieves. Many people won’t notice that the URL isn’t Amazon.com because it is something close like AmazonOrders.com. The unsuspecting user will then attempt to log in, and by doing so, would have just given their Amazon username and password to the thieves.
The thieves will then either place real orders on Amazon.com (which you will be billed for) and get the merchandise shipped to some untraceable location or will sell your username and password on the Internet black market.
So how do you protect yourself? Here are some tips:
1. Do not click on email links (if you don’t need to). For example, instead of clicking on one of the links in the amazon email, I could simply launch my web browser and type in www.amazon.com and go directly to their site to check my orders. This way, I can view my real account without the risk of clicking the link and be logging in at some fake amazon website.
2. Think to yourself – did I ACTUALLY just do something that would have triggered amazon to send me this email. For example, another type of phishing scam is one where the email says “Please reset your password”. If I didn’t actual click a password reset link for that site in my browser, then there is a good chance this is a phishing scam. Almost every type of REAL email that asks you to login or change a password is the result of you requesting such an action within the last few minutes.
3. Analyze the actual domain where the links go to. In many cases, you can right-click a link and copy the shortcut URL into memory. You can then paste it into notepad, textedit or some other program. As previously mentioned, many times the domain will contain the real company’s name in the domain. This is just to make their scam more believable. In some instances, the domain will even look EXACTLY the same (except they may use a zero instead of the letter ‘O’ or they may use a lower case “L” (l) which looks like a capital “i” (I). They may even have the main part of the domain exactly the same but just use a different domain extension (.info instead of .com).
4. Getting a good spam filter can often eliminate a lot of phishing scams from going into your mailbox. Even then, you’re still likely to be exposed to some scam emails.
These thieves send similar emails to tens of thousands, if not hundreds of thousands, or even millions of users at once. So you can see how even if just 1% of the people fall for the scam, that’s potentially thousands of people. The better educated we are, the safer we will be. I advise you to follow these 4 tips and teach your family and friends them as well.