How to Spot a Phishing Scam

Sometimes it’s obvious. That message from a Nigerian prince requesting you wire $2,000? Ok, probably not going to fall for that one. If the CEO of your company asks for your credit card information via email? Something is definitely off. But often phishing is harder to spot.
Phishing is a common scheme in which someone poses as a trusted party (like a bank or government employee) in an attempt to steal personal information, such as credit card numbers, usernames, and email addresses.
You might get an email that appears to be from Netflix, asking you to log in or your account will be terminated. It could come as a text from Best Buy offering you a gift card if you enter your account information. When it looks too good to be true, it probably is and if something just feels off—it’s worth taking a closer look.

How can you avoid phishing?

Phishing attempts will often include a false story meant to lure you into entering your sensitive information. 
Some common forms:

• Email messages
• Text messages
• Phone calls
• Fake websites

Messages might include: 

• Claims they’ve noticed suspicious activity on your account
• A refund or coupon offer
• A request for you to confirm personal info
• A fake invoice

Things to watch out for

High sense of urgency
Hackers will often create a sense of urgency like threatening you with the loss of service. For instance, a phishing email from someone posing as a bank or another financial institution might ask for you to “confirm your account” and re-submit your payment information or else your account will be terminated. Don’t panic. If something seems strange or alarming, it’s worth taking a pause to investigate.

No personalization
Since cyber criminals often send hundreds of emails at a time, another clue that it may be a fake email is the lack of a personalized greeting. Proceed with caution if the email doesn’t include your name or username, or addresses you simply as “Customer” or “Account Holder.”

Poor spelling/grammar
One quick way to tell the difference between an official communication from a service you use and a phishing scam is the use of misspelled words and poor grammar in the body of the email.

Actions you can take

Check the sender’s email address
Cyber criminals will often create an email account that closely resembles a company’s official email address. For instance, a phishing email address from Amazon might look like “[email protected]”. Notice the “A” in “Amazon” is not included in the email address.

Hover your mouse over any link in an email
Before clicking make sure the address looks right. When in doubt, do not click the link or open any attachments.

If you think a website might be fake, check the URL and confirm it includes “https://”
Similar to phishing emails, the URL of a fake website may look nearly identical to a legitimate website. Make sure to look out for any misspellings, unusual words or special characters before or after the company’s name. Look for “https://” not “http://” at the beginning of the address URL. Any legitimate entity asking for your payment info will have a secured website.

​To test whether you can spot a phishing scam, check out Google’s quiz.