Think you can distinguish a fake email from the real deal? Sorry to disappoint, but Google's latest study says otherwise. Google, in conjunction with the University of California, San Diego, found that sophisticated, manual phishing attempts allow hackers to successfully take over a Gmail account a staggering 45 percent of the time.
While this statistic may be a bit mind-boggling, let's take a few steps back to uncover what phishing is and how you can spot it.
Phishing is when a scammer poses as a legitimate person or organization online. Scammers send an email prompting you for an immediate action. Typically they will ask for login credentials, bank account information or personally identifiable information (like your SSN). With this information, they can commit identity theft, fraud, or send additional phishing emails to your friends using your good name.
Cybercriminals send these emails out by the thousands and the skill used to craft these deceptive documents ranges greatly. Some phishers transmit elementary versions while others make nearly identical reproductions.
Do you think you would be able to catch on to this fake AT&T bill?
So what are the telltale signs of a phishing email? In short - they vary. So get acquainted with some of the most prominent red flags.
"Dear Valued Customer"
Trusted organizations have both your email address and name on file. If you scroll through your inbox, you'll see a recurring theme - companies personalizing emails with your name. Scammers, on the other hand, lack this information, so they choose an all-encompassing term such as "Valued Customer," "Sir or Madam" or "To Whom It May Concern."
[email protected]
One of the most common giveaways is an erroneous domain name used in the sender's email address or the attached URLs. Domain names are what come after the @ sign in an email and before the .com in a web address. For example, a scammer might use something like [email protected] or [email protected] to try to impersonate Verizon.
Always check the domain name of both the sender's email address and the email's URLs. To check URLs, simply hover over them with your cursor and they will display the address of the website you will be directed to. Be cautious: some links will send you to sites infected with malware.
Is it Typo-City?
Poor spelling and grammatical errors are a major tip-off that something fishy is going on. Many phishers are from overseas, where English may not be their first language. Others simply don't want to spend the time perfecting their scam. They know that if they send out enough emails, they'll get at least a few bites. Google found that even the most obvious phishing scams were successful 3% of the time.
Act Now Or Else
Hackers typically demand a prompt response. In the Google study, 20% of impacted accounts were accessed within a mere 30 minutes of being phished. Unprompted messages are one of the best ways to get you to act immediately. Phishing emails will use threatening or too-good-to-be-true messages such as "your account will be closed" or "you will owe a penalty." Don't buy in - it's a scam!
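The greeting, sender-domain, link and urgency checks described above can also be scripted. The following Python example is added here and is not part of the original article; the function names, the phrase lists, the expected domain `verizon.com` and the `.example` sample message are assumptions constructed for illustration, and spelling errors are not checked.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Phrases quoted in the article; a real filter would need a longer list.
GENERIC_GREETINGS = ("valued customer", "sir or madam", "to whom it may concern")
URGENT_PHRASES = ("your account will be closed", "you will owe a penalty")

def in_domain(host, expected):
    """True only if host is the expected domain or one of its subdomains."""
    host = (host or "").lower().rstrip(".")
    return host == expected or host.endswith("." + expected)

class LinkCollector(HTMLParser):  # gathers each link's href, which is what hovering reveals
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.extend(v for k, v in attrs if k == "href" and v)

def red_flags(raw_email, expected_domain):
    """Return the red flags found in a single-part HTML or text message."""
    msg = message_from_string(raw_email)
    body = msg.get_payload()
    text = body.lower()
    flags = []
    if any(g in text for g in GENERIC_GREETINGS):
        flags.append("generic greeting")
    sender = parseaddr(msg.get("From", ""))[1]
    if not in_domain(sender.rpartition("@")[2], expected_domain):
        flags.append("sender domain mismatch")
    links = LinkCollector()
    links.feed(body)
    if any(not in_domain(urlsplit(h).hostname, expected_domain) for h in links.hrefs):
        flags.append("link domain mismatch")
    if any(p in text for p in URGENT_PHRASES):
        flags.append("urgent demand")
    return flags

# Constructed sample message (not a real phishing email).
SAMPLE = """\
From: Verizon Billing <billing@verizon-billing.example>

<p>Dear Valued Customer, your account will be closed unless you
<a href="http://verizon.com.pay-now.example/login">https://www.verizon.com/login</a> today.</p>
"""
print(red_flags(SAMPLE, "verizon.com"))
```

The link check compares where the `href` actually leads, not the text shown in the message, so a hostname that merely begins with the brand's domain is still flagged.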
What Should You Do?
If you suspect you're the recipient of a phishing email, don't click on any links. Nor should you forward or reply to the email. If in doubt, call the company's customer service hotline to verify the legitimacy of an email. Once divulged, report any phishing emails to the impersonated organization, the U.S. Department of Homeland Security and the appropriate email provider (e.g., Google, Yahoo).
If you're worried you've already been tricked by a phishing scam, file a complaint with the Federal Trade Commission (FTC) immediately.
Want to have a little fun? Test your knowledge with the FTC Phishing Game!