- Phishing scams use social engineering and urgency to manipulate you into making bad decisions.
- You can spot red flags in suspicious emails by checking the sender address and link destinations.
- Common phishing scams imitate banks or social media to trigger fear and prompt quick reactions. Verify through trusted methods instead.
Email phishing scams have been around for a long time, and it's easy to fall prey to these convincing schemes. The best way to defend yourself against social engineering is to stay aware and informed.
Why Phishing Scams Are Effective
One of the most common forms of online threats is the email phishing scam. It's been around since the 1990s, and the tactics have become more sophisticated through the years. The phishing scams that succeed these days are the ones that look very convincing and also make you think you need to act urgently. These scams employ social engineering to trick you into making a bad decision because you believe something is at risk. Stay safe against manipulation by educating yourself on what to look for and what to avoid.
Ways to Spot a Phishing Scam
Most people check their email on their mobile device, but if you receive a suspicious email about someone accessing one of your accounts, do NOT click that Verify Identity button in the email, no matter how convincing it looks!
Mobile email clients often hide some of the red flags that phishing scams use to reach your inbox. Any time you get a suspicious email, the first thing you should do is check the email from a desktop computer, where it's much easier to see the real email address of the suspicious sender.
This example shows what a legitimate email sender and URL might look like when viewed in Gmail on desktop.
Note the full email address of the sender is displayed at the top of the email. You can also hover over the sender’s email to get more information. If there are hyperlinks in the email (like a “Click Here to Verify” button), hover over but do not click the hyperlink to view where it goes. The URL will be displayed at the bottom of the browser window.
A screenshot of an email in Gmail, highlighting where to see the sender and how to preview a hyperlink
There are obvious red flags to spot when you receive a suspicious email. When you view the email on desktop, look at the sender email address. Does it match the domain of the company it's claiming to be? Or is it a long string of weird characters that have nothing to do with the company this is supposedly from?
Be sure to always hover over a link in a suspicious email to preview the destination. If the link is sending you somewhere with a long, sketchy URL that does not contain the real company's domain, it's very likely to be a scam. In general, you should absolutely never click on links in an unexpected email. Rather than using the link provided in the email, open a new browser window and access your account manually to verify any suspicious claim made in a weird email.
Screenshot of Gmail’s spam folder filled with emails that have abnormal fonts and urgent claims in the subject line
One more obvious red flag to look for is when the email subject or the sender has some kind of crazy font, unnecessary emojis, or weird spacing in the company or sender's name (like P A Y P A L rather than just PayPal). This tactic is so obviously spam that I'm surprised hackers even bother doing this anymore. My spam filters automatically prevent these types of emails from entering my inbox, but if you see them in yours, definitely avoid them!
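The three checks above (sender domain, link destination, spaced-out brand name) can be automated for a mailbox or a help desk triage queue. The script below is an added example, not code from the original post; it runs over a constructed sample message with a made-up lookalike domain, and it compares the registered domain of each host rather than doing a substring match, which is why a URL like "paypal.com.secure-login.example" is still caught even though it contains the real brand's domain.

```python
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message for this example; the sender and link hosts are made up.
SAMPLE_EMAIL = """\
From: "P A Y P A L Security" <alerts@paypa1-verify-account.example>
To: you@example.com
Subject: URGENT: Unusual sign-in detected
Content-Type: text/html; charset="utf-8"

<html><body>
<p>We noticed a new login. Please confirm your identity now.</p>
<a href="http://paypal.com.secure-login.example/verify?id=123">Verify Identity</a>
<a href="https://www.paypal.com/help">Help Center</a>
</body></html>
"""

def registrable_domain(host: str) -> str:
    """Last two labels of a hostname. Heuristic for this example; a real tool
    would consult the public suffix list so that e.g. co.uk is handled."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def check_email(raw: str, claimed_domain: str, brand: str) -> list[str]:
    """Return the red flags the article describes, found in a raw RFC 822 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    flags = []
    display_name, sender = parseaddr(msg.get("From", ""))
    sender_host = sender.rpartition("@")[2]
    # Red flag 1: the real sender domain is not the domain of the claimed company.
    if registrable_domain(sender_host) != claimed_domain.lower():
        flags.append(f"sender domain mismatch: {sender_host}")
    # Red flag 2: brand name written with odd spacing or punctuation, e.g. "P A Y P A L".
    spaced_brand = r"\W+".join(map(re.escape, brand))
    if re.search(spaced_brand, display_name, re.IGNORECASE):
        flags.append(f"spaced-out brand name in sender: {display_name!r}")
    # Red flag 3: a link whose real destination host is off the company's domain
    # (this is the automated form of hovering over the link before clicking).
    body = msg.get_body(preferencelist=("html",))
    html = body.get_content() if body else ""
    for href in re.findall(r'href="([^"]+)"', html):
        host = urlparse(href).hostname or ""
        if registrable_domain(host) != claimed_domain.lower():
            flags.append(f"link destination off-domain: {host}")
    return flags

if __name__ == "__main__":
    for flag in check_email(SAMPLE_EMAIL, "paypal.com", "PayPal"):
        print("RED FLAG:", flag)
```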
Common Phishing Scams to Watch Out For
When social engineering is at play, hackers want you to react out of fear. They are trying to manipulate your emotions. One of the most popular ways to make you react without thinking is to make you believe that someone accessed your banking accounts. Phishing scams that look like they are coming from PayPal or your personal banking provider are extremely common.
Screenshot of a phishing email that appears to be from Chase Bank highlighting false email address
If you receive something like this, do not click the link! Verify your account status by manually logging into your account via a trusted method, or call your bank's customer service number directly.
Another method that spammers are using to get you to make a knee-jerk reaction is making you think that someone accessed your social media accounts.
Screenshot of a phishing email that appears to be from X (Twitter) highlighting a false email address and warns not to click
The solution is the same: verify your account status some other way, not via whatever link is in the email. The best way to stay safe out there is to assume the worst. Never click or download anything from an email sender that looks sketchy or unexpected.
The unfortunate side of social engineering is that the only person who can save you from yourself is you. But that's also empowering! Stay up to date on the latest phishing scams and protect yourself from making a bad decision in the heat of the moment.