There is no doubt that email phishing can be very clever. After all, these types of phishing exist because they work. Let us take a closer look at the example below.
The following image is a false Charles Schwab notice claiming the recipient has been locked out of his account and must update it to regain access. Here are some clues indicating this email is actually a scam:
- The email is not sent to the recipient. If the recipient were truly being notified by Charles Schwab whereby there was an issue with their account, they would know the recipient’s name.
- Similarly, they do not know the recipient’s name. “Dear customer” is not an identifier.
- The recipient is not attempt to log in to a Schwab account, so cannot exceed the number of allowed attempts.
- Grammatical errors: The words Online Banking are capitalized throughout the text. Also, if you read carefully, the text says “Please visit www.schwab.com/activate Reset Account your account” which obviously does not make any sense, but since most people scan emails quickly, grammatical errors that are this small usually do not attract attention.
- They encourage the recipient to confirm that the e-mail is sent from Schwab, so that the recipients can rest assured. Therefore, the recipients will use the provided link.
- Let’s look at number six which is marked in the image. When you hover your mouse over any link on this page, it shows the real email address. Based on the image, the email stated is actually http://almall.us. The scammer /schwab.com/ after the real name of his website to make it look legitimate.
If you notice any of these vulnerabilities in your email, it is enough to tell you that the email is a phishing attempt. But what if these errors do not exist?
A smarter scammer can correct these errors, including knowing the recipient’s name and email address, and masking their URL in a more convincing manner. If they had done a better job, there would have been nothing alarming in the message. But it would still be a fake.
How To Recognize Phishing Email
In conclusion, there are 7 ways to recognize phishing email which is:
- Firstly, Legit companies do not request your sensitive information via email which as password, credit card information, credit scores, or tax numbers, nor send you a link which requires you to login.
- Secondly, Legit companies usually call you by your name
- Thirdly, Legit companies have domain emails
- Fourthly, Legit companies know how to spell
- Furthermore, Legit companies do not force you to their website. Sometimes phishing emails are coded entirely as a hyperlink. Therefore, accidently clicking the link or deliberately anywhere in the email will open a counterfeit web page or download spam in your computer.
- Lastly, Legit companies do not send unsolicited attachments. Look out for high-risk attachment file types such as .exe, .scr, and .zip. When in doubt, contact the company directly using the contact from their actual website.
- Legit company links match legitimate URLs. Double check the URLs. If the link in the text is not identical to the URL displayed as the cursor hovers over the link, that is a sure sign you will be taken to a fault site. Ensure additional security by hovering your mouse over the links without clicking it and ensure the link begins with https://.
Find out more at Casbay Blog.
