As a technical writer with a Master's Degree in Computer Science, I share my knowledge and experience for educational purposes to help you.
What Are Phishing Scams
Phishing is the method hackers use to get you to fall for scams. It’s done mainly by two methods:
- With fake security-threat warnings that make you install malware on your computer by falling for the scam.
- With emails claiming you have a crucial issue that needs to be addressed.
Both of these tricks get you to reveal personal information. There is always some clue that an email, text message, or pop-up warning is from a cyber thief attempting to take advantage of you.
Unfortunately, some people don't pay attention to the red flags. I'll show you how to recognize tricks scammers use to get your personal data and steal your identity.
Avoid Giving Away Your Username, Password, and Your Money
Many people get fooled into giving away their username and password by phishing attempts. Once you understand how that works, you'll know how to avoid being victimized by it:
- You receive an email stating your account was compromised, and you should log in and change your password immediately.
- You click on the link in the email and go to the bank's or broker's website, or whatever it may be.
- The site looks like the actual site. However, it's a fake—a spoof of the real thing.
- In a hurry to change your password, you are not thinking clearly, and enter your user ID and password to log in.
- In panic mode, you don’t take the time to check things out. Spoof sites always have clues they're fake—when you pay attention.
- You just gave your login information to the criminal by entering it on the spoof site.
Any User ID and password would have worked. The hacker is expecting that people will enter their actual login information. Then they use this to log into your real site and transfer all your money to their own account.
A little scrutiny is crucial. But better still, never log into an account via a link. Always go directly to the site by entering the URL yourself. Save it in your bookmarks and click to it from there.
Example of a Phishing Email and How to Recognize It
Don't fall for email hoaxes. They attempt to get you to click to a site that installs malware on your computer.
- I once received an email that looked like it came from the IRS, warning me that my recent bank transfer was rejected. It was not from the IRS, as it would seem.
- See the image of that fake email from the IRS below. Notice the link to the Word doc file for the tax report in that example. That link goes to a website that would install malware. It's not a doc file.
- I knew that without clicking. I simply hovered my mouse over that link. By hovering over a link, most browsers will display the actual URL address you'd go to if you click. You can usually see that shown in the lower left or right corner of the window.
- In this case, it showed me a strange-looking URL. So I knew it was fake. If it were indeed the IRS, it would have been a ".gov" address. This one was not.
- The fact that the link looks like a ".doc" word file is meaningless. Hackers can change what displays on your screen. The address can be easily forged. Don't fall for that game.
Fake Email From IRS
Don't Fall for Fake Infection Warnings
A common trick is to place a security-threat warning in a pop-up saying your computer is infected. That can happen when you visit a spoof website.
But consider how you always take precautions and never click potentially dangerous links. So you know your computer is not infected. In that case, you can rest assured that the pop-up is fake and is trying to get you to follow instructions to clean up the infection.
However, if you click any link in the pop-up, that will undoubtedly trigger the installation of malware. So it's best to close your browser rather than clicking anything. Don't even click the "x" to close the pop-up because hackers program it to install their malware when you do that.
Never Use the Same Password on Multiple Sites
I'll tell you a true story, so you'll know why this is so crucial.
A friend of mine used the same password on her Facebook and Gmail accounts. Unfortunately, due to a security breach of her Facebook account, a Nigerian hacker was able to access her Gmail account.
Later, she found her password had been changed on her Gmail account.
The hacker had taken over her account and sent emails in her name to her contacts saying that she had lost her wallet on a business trip and desperately needed a loan of a couple of thousand bucks to get home.
You can see how easy it is for her friends to fall for this, thinking it was really her since it came from her email account. Good friends would respond and wire her the money. However, it would actually go to the hacker.
Remember, if you receive a fishy-sounding email from a friend, their account may have been hacked. Try to confirm it's really from them by some other means, but not by replying to the email. Responding to that email will give your email address to the hacker.
Use Two-Factor Authentication for Security
Many companies are implementing this highly recommended procedure that adds a second layer of protection to your login process.
In addition to entering your username and password, a unique one-time authorization code will be sent to your phone via text or voice call. You need to enter that code to complete the login process. [1]
An alternative to sending a code to your phone is to use an Authenticator App that generates a unique code. It only works for your account and is only valid for a few seconds before it expires.
I use Google's Authenticator App [2] that I downloaded free from the App Store. I like how simple it is to use. You don’t need to wait for a code to be sent to your phone. Microsoft has its own Authenticator for access to its sites. [3]
I use these methods on every website that supports them, and I highly recommend you do the same. You’ll be much safer for it.
Only Visit Secure Sites
All website URLs begin with http or https. Secure sites have the “s” and also display a padlock icon in the browser’s address bar.
Don’t ever do any banking or other commerce on sites that don’t begin with “https” in the URL. They are not secure.
Help Educate Others to Avoid Scams
Whenever I get legitimate emails from my bank with links in the email to log in, I try to educate them. I send a report to management explaining how they are unintentionally teaching their customers to log in by clicking on links in emails.
I explain that if one of their customers receives a phony email from a hacker, they could be scammed into giving away their account information on a spoofed phishing site.
If you get an email like that from your bank or financial institution, tell them they are creating a security breach. If enough of us show we are smarter than they are, they may get the message.
If you have kids using computers, educate them about these proper safety methods.
People who fall for phishing scams are not stupid. They just panic and do the wrong thing. Cyber scammers are good at making people panic.
You can do better. Use your due diligence to check it out without panicking and following dangerous links.
If everyone stopped responding to phishing emails, scammers would give up. They succeed because many people fall for them.
© 2018 Glenn Stok
Glenn Stok (author) from Long Island, NY on October 15, 2018:
Natalie - I'm glad you got it resolved, but it goes to show how important it is to avoid installing unknown software.
This includes avoiding clicking anything in questionable emails that give permission to install behind the scenes.
Natalie Frank from Chicago, IL on October 15, 2018:
I was hacked repeatedly after someone got ahold of my PC and loaded something onto it. I realize nowadays you don't have to have access to the actual computer to do a number on someone, but evidently whatever this was made it all but impossible to purge. It mutated as soon as anyone tried anything to get rid of it and kept sending my info to the perpetrators by bouncing the signal all over kingdom come. Luckily I was one of many victims and one of the alphabet organizations got involved and all was right with the world again - or at least my PC. Thanks for a fascinating and useful article.
Glenn Stok (author) from Long Island, NY on October 15, 2018:
Jaze Pink - I did not post your comment because it included that email you received from a hacker and it contained information that is best left off the internet. However, I did want to give you a reply...
First of all, I’m sorry to hear about the problems in your life. As for the hacking, one should always ignore emails that threaten you. They are meant to get you to install malware, which only makes things worse. You probably followed up with the hacker and gave them access to your computer. That’s why you are having the grey screen now with only a blinking question mark.
I can’t help you reverse that. You need to remove the malware. The safest way is to reformat your hard drive and reinstall from an earlier backup taken prior to the invasion.
In the future, don’t fall prey to these tactics. Just ignore them.
readmikenow on February 23, 2018:
Very good article. I once lost a PC to a virus. My teenager clicked on an Email that turned out to be a big mistake. I enjoyed reading this.
Glenn Stok (author) from Long Island, NY on February 23, 2018:
Denise, Best thing is to just ignore them. Any website that uses pop-ups doesn’t deserve your business anyway. They are intrusive.
Denise W Anderson from Bismarck, North Dakota on February 23, 2018:
I clicked on a pop-up once at work that looked like it was from one of the programs that I use regularly and ended up crashing my entire computer! It is easy to fall for these things when they imitate programs and websites you are already using. I like your policy to check it out before clicking, just in case!
Glenn Stok (author) from Long Island, NY on February 22, 2018:
Eric - I use Gmail too in addition to a few other email accounts for various purposes. I’ve noticed how well they filter spam. But you’re right. We have to be alert to recognize phishing attempts that get through.
Eric Farmer from Rockford Illinois on February 22, 2018:
Very useful advice on avoiding Phishing. It is not something I think much about because of how Gmail tends to filter all of these right into junk, but every once in a while something gets through.
Glenn Stok (author) from Long Island, NY on February 19, 2018:
Mary Wickison - You sure are doing your due diligence. Good for you! Logging into your bank and checking for communication there, is the safest way to do it.
Mary Wickison from USA on February 19, 2018:
You're right about the banks, I had a similar email that didn't use my name, it just said, Mrs and then was blank.
I didn't respond and contacted my bank and asked them if it was from them. They checked their records and it had been.
I explained that it looked like a scam because they didn't even use my name. In the future, if I receive a suspect email, I will just log in to my bank account and any kosher emails will be there in my messages.
As internet users, we have to stay alert to potential dangers. The thieves and hackers will only get smarter.
Brian Leekley from Bainbridge Island, Washington, USA on February 18, 2018:
Thanks for the tips, Glenn. Some are new to me, such as the Authenticator app.
I'm suspicious of some of the system warnings that a website may have been compromised. In some cases the real motive seems to be that a corporation, such as Google, doesn't like the politics of the site so falsely and baselessly expresses suspicion to frighten browsers away.
Natalie Frank from Chicago, IL on February 17, 2018:
Great article with lots of practical information. Thanks for writing it.