This article is by Glenn Stok, a systems analyst with a Master’s Degree in Computer Science and hundreds of published educational essays.
Cyber thieves take advantage of those who fall for scams. However, you can be 100% safe when you pay attention to the red flags. I'll show you how to recognize Internet scams and avoid becoming a victim.
How to Avoid Phishing Scams
If you find yourself on a website that you're not sure about, you can check the site carefully for some red flags:
- A spoof site copies a lot of content from the original site, but it may miss a few things that are obvious with a little scrutiny.
- If you see misspellings or poor grammar, that is a warning sign that you're on a spoof site.
- It's better to avoid ever going to such a site. When you see those red flags in an email, or a pop-up warning, ignore it and don't follow links to the site.
- Never log into an account via links such as these. Always go directly to the site by entering the URL yourself. Save it in your bookmarks and click to it from there.
Be Cautious With Links From Other Sites
If another website talks about your bank, for instance, and they have a link to it, don’t follow that link. Once again, go direct or via your saved bookmark.
If you allow yourself to fall for scams, you can lose your hard-earned money for being hasty. It's easy to check things out by going to a site with a known accurate link you saved in your bookmarks, rather than trusting a link from an unknown source.
Identity Theft Happens in the Real World Too
Identity theft was common long before the Internet:
- Criminals steal paper bills and bank statements from the garbage, finding social security numbers and account numbers that can be used to buy products under someone else’s name.
- Criminals steal credit card numbers at checkout counters in stores where they look over the cardholder's shoulder while they are holding the card waiting to pay.
These things happen in the real world, but in cyberspace we can protect ourselves a lot more easily. The problem is that some people don’t know how they get deceived.
How People Get Fooled by Phishing
Many people get fooled into giving away their username and password by a method called phishing:
- They receive an email stating that their account was compromised and that they should log in and change their password immediately.
- They click on the link in the email and go to their bank's site or broker's site, whatever it may be.
- The site looks like the actual site. However, it's a fake—a spoof of the real thing.
- In a hurry to change their password, they no longer are thinking clearly, and they enter their user ID and password to log in.
- Being in panic mode, they don’t even take the time first to check things out. They just quickly change their password.
- They just gave their logon information to the criminal by entering it on the spoof site.
Any User ID and password would have worked. The hacker is expecting that people will enter their actual login information. Then they use this to log into the real site and transfer all the victim's money to an account of their own.
Example of a Phishing Email and How to Recognize It
Don't fall for email hoaxes. They attempt to get you to click to a site that installs a virus on your computer.
- I once received an email that looked like it came from the IRS, warning me that my recent bank transfer was rejected. It was not from the IRS, as it would seem.
- See the image of that fake email from the IRS below. Notice the link to the Word doc file for the tax report in that example. That link goes to a website that installs a virus on your machine. It's not a doc file.
- I knew that, without clicking. I simply hovered my mouse over that link. By hovering over a link, most browsers will display the actual URL address that you'd go to if you click. You can usually see that shown in the lower-left or right of your window.
- In this case, it showed me a strange-looking URL. So I knew it was fake. If it were indeed the IRS, it would have been a ".gov" address. This one was not.
- The fact that the link looks like a ".doc" Word file is meaningless. Hackers can change what displays on your screen. The address can be easily forged. Don't fall for that game.
Fake Email From IRS
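The hover check described above can also be done mechanically on an email's HTML body. The following is an added example, not part of the original article: it compares what each link displays with where it really goes. The function names, the sample email, and the choice of "irs.gov" as the expected domain are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for each <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def under_domain(host, domain):
    """True only if host is the domain itself or a subdomain of it."""
    host, domain = host.lower().rstrip("."), domain.lower().strip(".")
    return host == domain or host.endswith("." + domain)

def audit_links(html, expected_domain):
    """Return [(href, text, reasons)] for links whose real target looks wrong."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        target, reasons = urlsplit(href), []
        if target.scheme != "https":
            reasons.append("not https")
        if not under_domain(target.hostname or "", expected_domain):
            reasons.append("host outside " + expected_domain)
        named = re.search(r"[\w.-]+\.(?:docx?|pdf|xlsx?)\b", text, re.I)
        if named and not target.path.lower().endswith(named.group(0).lower()):
            reasons.append("text names a file the URL does not serve")
        if reasons:
            findings.append((href, text, reasons))
    return findings

# Constructed sample (not the email from the article); example.net is reserved.
SAMPLE = ('<p>Transfer rejected. See <a href="http://files.example.net/view?id=7">'
          'tax_report.doc</a> or <a href="https://irs.gov.example.net/login">'
          'www.irs.gov</a>. Official: <a href="https://www.irs.gov/payments">IRS</a></p>')
```

Calling `audit_links(SAMPLE, "irs.gov")` flags the first two links and passes the third. The second link shows why the expected name must sit at the end of the host: it contains "irs.gov" and uses https, yet it belongs to a different domain.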
Why Is Phishing Successful?
Hackers succeed by scaring you into thinking you did something wrong. They send you an email saying your account will be closed unless you log in now and verify your information. They give you a link, but that goes to a spoof site. When you try to log in, you are giving your username and password to the thief.
People who fall for these scams are not stupid. They just don't understand how hackers work. They may be somewhat computer illiterate, but there is no excuse for that.
You can do better. Use your due diligence to check it out yourself, without panicking and without following dangerous links.
If everyone would just stop responding to these email scams, our inboxes wouldn’t be so cluttered with this garbage. The scammers would give up. They succeed because there are many people who fall for it.
Only Visit Secure Sites
All website URLs begin with http or https. Secure sites have the “s” and also display a padlock icon in the browser’s address bar.
Don’t ever do any banking or other commerce on sites that don’t begin with “https” in the URL. They are not secure.
Never Use the Same Password on Multiple Sites
A friend of mine used the same password on her Facebook and Gmail accounts. Due to a security breach of her Facebook account, a Nigerian hacker was able to access her Gmail account.
Later, she found her password had been changed on her Gmail account.
The hacker had taken over her account, sent out emails in her name to her contacts saying that she had lost her wallet on a business trip, and desperately needed a loan of a couple of thousand bucks to get home.
You can see how easy it is for her good friends to fall for this, thinking it was really her since it came from her email account. Good friends would respond and wire her the funds as described in the email. However, these funds would actually go to the hacker.
Remember, if you receive a fishy-sounding email from a friend, they may have been hacked. Try to confirm it's really from them by some other means, not by replying to the email. If you respond to that email, you'll give your email address to the hacker.
Use Two-Factor Authentication
Many companies are implementing this highly recommended procedure that adds a second layer of protection to your login process.
In addition to entering your username and password, a unique one-time authorization code will be sent to your phone, either by text or by a voice call. You need to enter that code to complete the login process.
An alternative to sending a code to your phone is to use an Authenticator App that generates a unique code. It only works for your account and is only valid for a few seconds before it expires.
I use Google's Authenticator App that I downloaded, free, from the App Store. I like how simple it is to use. You don’t need to wait for a code sent to your phone. Microsoft has its own Authenticator for access to their sites.
I use these methods on every website that supports them, and I highly recommend you do the same. You’ll be much safer for it.
What You Can Do to Help Others Avoid Scams
Whenever I get legitimate emails from my bank with links in the email to log in, I try to educate them. I send a report to management explaining how they are unintentionally teaching their customers to log in by clicking on links in emails.
I continue to explain that someday one of their customers will receive a phony email and will be scammed into giving their account information to a hacker on a spoofed phishing site.
If you get an email like that from your bank or financial institution, give them hell. Tell them they are creating a security breach. If enough of us show them that we are smarter than they are, they may get the message.
If you have kids using computers, educate them about these proper methods of safety.
And remember, never panic and get tricked into following dangerous links when you get a warning. Take your time to investigate and use your own saved links.
© 2018 Glenn Stok
Glenn Stok (author) from Long Island, NY on October 15, 2018:
Natalie - I'm glad you got it resolved, but it goes to show how important it is to avoid installing unknown software.
This includes avoiding clicking anything in questionable emails that give permission to install behind the scenes.
Natalie Frank from Chicago, IL on October 15, 2018:
I was hacked repeatedly after someone got ahold of my PC and loaded something onto it. I realize nowadays you don't have to have access to the actual computer to do a number on someone, but evidently whatever this was made it all but impossible to purge. It mutated as soon as anyone tried anything to get rid of it and kept sending my info to the perpetrators by bouncing the signal all over kingdom come. Luckily I was one of many victims and one of the alphabet organizations got involved and all was right with the world again - or at least my PC. Thanks for a fascinating and useful article.
Glenn Stok (author) from Long Island, NY on October 15, 2018:
Jaze Pink - I did not post your comment because it included that email you received from a hacker and it contained information that is best left off the internet. However, I did want to give you a reply...
First of all, I’m sorry to hear about the problems in your life. As for the hacking, one should always ignore emails that threaten you. They are meant to get you to install malware, which only makes things worse. You probably followed up with the hacker and gave them access to your computer. That’s why you are having the grey screen now with only a blinking question mark.
I can’t help you reverse that. You need to remove the malware. The safest way is to reformat your hard drive and reinstall from an earlier backup taken prior to the invasion.
In the future, don’t fall prey to these tactics. Just ignore them.
readmikenow on February 23, 2018:
Very good article. I once lost a PC to a virus. My teenager clicked on an Email that turned out to be a big mistake. I enjoyed reading this.
Glenn Stok (author) from Long Island, NY on February 23, 2018:
Denise, Best thing is to just ignore them. Any website that uses pop-ups doesn’t deserve your business anyway. They are intrusive.
Denise W Anderson from Bismarck, North Dakota on February 23, 2018:
I clicked on a pop-up once at work that looked like it was from one of the programs that I use regularly and ended up crashing my entire computer! It is easy to fall for these things when they imitate programs and websites you are already using. I like your policy to check it out before clicking, just in case!
Glenn Stok (author) from Long Island, NY on February 22, 2018:
Eric - I use Gmail too in addition to a few other email accounts for various purposes. I’ve noticed how well they filter spam. But you’re right. We have to be alert to recognize phishing attempts that get through.
Eric Farmer from Rockford Illinois on February 22, 2018:
Very useful advice on avoiding Phishing. It is not something I think much about because of how Gmail tends to filter all of these right into junk, but every once in a while something gets through.
Glenn Stok (author) from Long Island, NY on February 19, 2018:
Mary Wickison - You sure are doing your due diligence. Good for you! Logging into your bank and checking for communication there is the safest way to do it.
Mary Wickison from Brazil on February 19, 2018:
You're right about the banks, I had a similar email that didn't use my name, it just said, Mrs and then was blank.
I didn't respond and contacted my bank and asked them if it was from them. They checked their records and it had been.
I explained that it looked like a scam because they didn't even use my name. In the future, if I receive a suspect email, I will just log in to my bank account and any kosher emails will be there in my messages.
As internet users, we have to stay alert to potential dangers. The thieves and hackers will only get smarter.
Brian Leekley from Bainbridge Island, Washington, USA on February 18, 2018:
Thanks for the tips, Glenn. Some are new to me, such as the Authenticator app.
I'm suspicious of some of the system warnings that a website may have been compromised. In some cases the real motive seems to be that a corporation, such as Google, doesn't like the politics of the site so falsely and baselessly expresses suspicion to frighten browsers away.
Natalie Frank from Chicago, IL on February 17, 2018:
Great article with lots of practical information. Thanks for writing it.