So you were pretty quick to figure out that the Nigerian prince that sent you an email wanting to share his wealth is a common Internet scam. You may even be able to recognize spam when it hits your inbox. But how do you know when it’s a phishing email or text? Phishing emails are intended to dupe the reader into clicking an included link for some nefarious reason, usually to send you to a fraudulent website or open a dangerous attachment that will infect your phone or computer with malware, worms, or install keylogging software to obtain your personal information. So how do you spot a phishing email?
Spam and phishing emails have been around as long as the Internet has been in existence. Telemarketers used to make phone calls and send letters through the postal service and that was the extent of the annoyance. Nowadays phishing emails can be extremely dangerous and highly sophisticated, so much so that you may not even realize that you are being duped. “Phishing” is what happens when criminals try and trick you through an email into handing over personal information such as credit card numbers, social security numbers, bank account information, or any other financial information. Their intent is to steal from you. Now that the Internet is so widely used and available, these criminals have millions of email addresses that they can steal or buy to use for their phishing schemes. Here are some signs to watch for when trying to identify a phishing email.
- Check the sender’s email address very carefully. If you don’t recognize it, delete it. If it looks like it comes from one of your contacts but doesn’t appear “right” for some reason, that contact’s email may have been compromised. Alert them and delete the email immediately.
- If the email contains multiple spelling and grammar errors, be very suspicious. Most legitimate companies will take the time to edit and/or spell-check their marketing materials and other communications so that they always appear professional. Many phishers – especially those located in foreign countries with no Internet oversight – will send out badly written, grammatically incorrect emails that are a dead giveaway that they aren’t legit. Delete them immediately.
- Take a look at the sender’s “from” address and see if it includes an international code. If you know you signed up for email coming from the BBC, their address will be www.bbc.co.uk and their emails will come from johndoe@bbc.co.uk. If you signed up on a website such as and their email shows up as coming from johndoe@majesticmoney.co.is, then that is a pretty good sign that the sender is not legitimate and you may have been hacked. Always check the actual sender line to see if it contains an international ending such as .al (Albania), .ng (Nigeria), or something similar.
- Some of these phishing emails have become very, very sophisticated. They contain common company logos, a personalized greeting is included, and everything looks legit. Many of us automatically trust emails from companies that we use every day such as banking sites, PayPal, Google, eBay, and so on. If ANYTHING looks off or suspicious, do not click on the links. Most legitimate companies will tell you upfront that they will never solicit financial information over email, so if you get an email from PayPal requesting such, open a new browser and log in to your account to verify it.
- Never, ever click on an attachment if you don’t recognize it or the sender, especially if it’s an executable file! This is how the phishers can install malware on your computer or phone that could potentially track and steal passwords, user names, and any financial information that you use on legitimate websites. Random attachments being sent to you are never a good thing so just delete them immediately and run your antivirus/malware protection software just to be on the safe side.
Hopefully with these tips you can protect yourself by deleting the phishing schemes before they can do any harm. If, however, you have fallen victim to one and accidentally clicked on the link or responded to the sender, it may take an outside source to help you navigate the clean-up process. Catching and prosecuting phishers is difficult, especially if they are located in foreign countries with different legal systems, but a professional can help you fortify and secure your computer before any important data are stolen.
Hiring a private investigator may be your best move to help protect your assets and reassure yourself that you have the proper software installed to prevent malware and viruses. Investigators can also track down the source of the email, its IP address, and the ISP to obtain the owner’s contact information if necessary. As Manhattan private investigator Darrin Giglio says, “Professional investigators can track down the perpetrators using cybercrime techniques, and use their expertise to help you follow the cyber trail to make sure you aren’t a victim ever again.”