Recognizing Phishing Scams

Mary Lou Roberts talks common sense defense tactics...

The world is full of scams and it’s important to remember that not all scams happen online. Telephone scams, powered by robocalls, are an annoying fact of life. Text messages are not immune. The scariest scams involve people coming to your home and asking to be let in. If you didn’t request a service call or, as the recent Eversource alert noted, if the people are not uniformed and able to show company ID, don’t consider letting them in. Lock the door behind you and call the police. It’s likely they will be gone by the time you look out the door. Keeping yourself safe, not being polite, is the first priority.

Phishing is a consistent activity online and it opens the gates to identity theft and computer problems. While it’s true that phishing attacks are becoming more sophisticated, there are ways to recognize and deal with them.

Phishing emails are the most common form, and they are basically trying to accomplish one of two things. First, they ask users to hand over their personal data. Remember, that comes under the never, ever heading. Legitimate businesses, government agencies and other institutions simply do not ask for personal information in emails. Second, they place malware on the device, opening it up to various types of data theft. The first is easy to spot and avoid. Emails that strive to look legitimate but are really scamming are a bit more difficult to spot.

The basic advice for spotting phishing emails is:

  1. It sounds too good to be true, so it undoubtedly is.
  2. It sounds urgent; the recipient will miss out unless she responds immediately.
  3. It asks for personal information.
  4. The sender is unknown or looks fishy (pun intended :).
  5. There are hyperlinks that look strange (they don't match the sender, for example). If there is any doubt, hover over the link without clicking. If it does not match the From line, there is something wrong.
  6. It's poorly written with spelling and grammatical errors or awkward sentence structure.
  7. It has an attachment. Don't even bother to examine the attachment closely. Attaching malware to Word and PDF files is currently one of the most common distribution methods. Even clicking on the attachment activates the malware. So unless you know and trust the sender, do not open email attachments.

Google has posted a short quiz that gives good information about identifying phishing scams. I encourage you to take the quiz. Full disclosure: I took it and failed to identify a rather humiliating number of the phishing attempts. Google was very nice about it, though.

I’ll distill my experience down into a single warning. I was concentrating on aspects like the subject line and the nature and quality of the content. The best scammers have figured those things out. I should have been looking more closely at details like the URL. Logos and other visuals are easy to imitate. URLs are not. They are usually close, though, so pay attention before you click on anything.

Phishing emails are another, all-too-frequent instance where simply paying a bit of attention can save you from an online mess that takes time and effort to clean up.