I’m sure many of you have heard the term phishing, but you may not know exactly what it means. Phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords, and credit card details by disguising oneself as a trustworthy entity in an electronic communication.
If you use the internet or a mobile phone regularly, you’ve probably received a call, text, or email from a phishing scammer — in fact I’m sure most people have received numerous unwanted phishing messages.
How to recognize a phishing message
Phishing messages often disguise themselves as a company that you recognize and trust — for example your bank, your credit card company, or another service you use. Often these messages will include some sort of vague reasoning as to why they need to collect information from you like:
- They need to verify your email;
- They’ve noticed an issue with your payment and need you to verify your credit card details;
- You are required to verify some sort of personal information;
- They are offering you a refund or coupon for their services.
Messages from scammers will often not be very detailed and will require you to perform some sort of action “quickly” or “immediately” to resolve a concern with your account.
What to do if you suspect phishing
Think critically before responding to these types of messages or calls. Any time you receive a message from a company that is asking for information or requesting you click on a link, first consider whether or not you actually have an account with this service provider.
I once received a text that said it was from Microsoft and that I needed to verify my account with them by clicking a link. First of all, why would Microsoft be sending me a text to verify an account? That alone seemed a bit phishy. And then I realized, I don’t even have a Microsoft account! Definitely a phishing attempt. Delete.
Scammers will bulk-send one generic message to a bunch of numbers or emails in the hopes that some of the recipients will fall for their trap. They don’t know for sure if everyone receiving the message even uses the service that they’re disguising themselves as. This is the easiest way to avoid a phishing scam: know what services you use and ignore any messages from businesses that you do not subscribe to.
Now let’s say I did have an account with Microsoft and the message seemed legitimate. How can I make sure I’m not ignoring an important notice about my account? Here are some options:
- Check the email address the message was sent from. If the email doesn’t come from the company’s official domain name or seems phishy, it’s probably a fake.
- Call the company that has contacted you, but use a number or email address that you know belongs to them. Don’t trust the contact information provided in the message you received. Instead, look up their contact information on an official website and call their verified customer support team. They can confirm if they sent a notice about your account.
- Check the account in question directly for any notifications or warnings. Some phishing scams may say that your account is suspended until you verify your information, but if you’re able to log in to that account and you don’t see any notice once actually logged in, you can be confident that the message you received was a fake.
- Copy and paste the message you got into Google, or type it out if you received a call. Often other people who received similar messages will recognize their fraudulence and post online to warn future targets of the phishing attempt.
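The warning signs above (a service you don't use, a sender domain that isn't the official one, urgent wording, a request to verify information) can also be checked automatically. The following Python sketch is an added example, not part of the original article; the domain list, the keyword patterns, and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: official domains you have verified for the services you actually use.
OFFICIAL_DOMAINS = {"Microsoft": "microsoft.com"}
URGENCY = re.compile(r"\b(quickly|immediately|urgent(ly)?|right away)\b", re.I)
VERIFY = re.compile(r"\bverify\b.*\b(account|email|credit card|information|details)\b",
                    re.I | re.S)

def sender_domain(msg):
    """Domain of the real From address; the display name is ignored."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower()

def is_official(domain, official):
    """True only for the official domain itself or a genuine subdomain of it."""
    return domain == official or domain.endswith("." + official)

def triage(raw, claimed_brand):
    """Return the list of phishing warning signs found in one plain-text email."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    findings = []
    official = OFFICIAL_DOMAINS.get(claimed_brand)
    if official is None:
        findings.append("no account with this service")
    elif not is_official(sender_domain(msg), official):
        findings.append("sender domain is not official")
    if URGENCY.search(body):
        findings.append("urgent action demanded")
    if VERIFY.search(body):
        findings.append("asks to verify information")
    return findings

# Constructed samples. The first puts the brand name at the front of an unrelated domain.
SAMPLE_FAKE = ('From: "Microsoft Support" <security@microsoft.com.account-check.example>\n'
               "Subject: Account notice\n\n"
               "We noticed an issue. Verify your account immediately: https://link.example/\n")
SAMPLE_REAL = ("From: Microsoft <no-reply@accounts.microsoft.com>\n"
               "Subject: Statement\n\n"
               "Your monthly statement is available. Sign in as usual to view it.\n")

if __name__ == "__main__":
    print(triage(SAMPLE_FAKE, "Microsoft"))
    print(triage(SAMPLE_REAL, "Microsoft"))
```

A matching From domain is not proof of legitimacy, since that header can be forged, so an empty result still calls for checking the account directly as described above.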
Avoiding COVID-19 phishing scams
Many scammers will try to take advantage of uncertainty or people in a vulnerable state. There is a lot of information being spread about coronavirus, and many of us are still adjusting to life in self-isolation. In the midst of these unknowns, it’s important to be on high alert for phishing ploys.
Make sure you’re getting up-to-date information regarding COVID-19 by checking verified sources like the World Health Organization and Department of Health’s websites directly. Don’t let your guard down due to the uncertainties of the coronavirus and stay vigilant about potential phishing attacks.