It’s called “phishing” because cyber criminals try to lure you into their trap, often using a legitimate-looking emails, hoping you take the bait. Their goal? To trick you into revealing account numbers and payment information.
The REAL trick is being alert and knowing what to look for so you don’t fall for this kind of scam. Since most phishing emails have some common elements, they’re easy to spot once you know what to watch for.
Let’s take a recent, real-life example:
Here’s what’s wrong with this picture:
1. Look at the sender’s email address. Often this is your first clue something is amiss—if the address doesn’t match the business supposedly sending the email, it’s probably a scam.
- Look for spelling and grammar mistakes. Frequently cybercriminals make some pretty horrible mistakes. Sure, mistakes happen even in professional communications, but they’re rare. If you notice errors, you should be on alert.
- Don’t fall for threats. Watch for phrases such as “your account will be closed” or “your account has been compromised.” Odds are if either of these were true, you would be contacted in a way other than over email.
- A company you do business with is asking for information. It’s easier to scam people when they think the email is from a company they already know—just remember the company probably already has (or should have) the information being requested.
- Beware of links. Always have a healthy dose of suspicion if the email demands you take action by clicking. You can use your mouse to hover over any links in an email to reveal the web address, but know this can be faked. Clear signs of fakery include: if the address is a cryptic set of numbers, looks nothing like the web address from the supposed sender, or is actually an .exe file (which could actually be malicious software).
Here’s a recent example where it looks like a TDS login page at first glance…but the address shows it’s clearly not.
If you’re wondering if an email is legit, contact the business who “sent” it. Look up their website yourself (don’t use any provided links), and/or give them a call (you should look that info up yourself, too).
If you find out later you were tricked, we urge you to change passwords immediately! We also have a how-to guide to help if you think you’ve been a victim of a data breach.
Finally, please remember, TDS will never contact you directly and ask you to verify any part of your account. In fact, if you want to make any changes to your account, we require you to verify that you’re authorized to do so!
Thanks. This was very helpful.