Digital Literacy - How to Identify Phishing Links
When it comes to cybercrime, prevention is key. Once your data is taken, it can easily be copied and placed in hundreds of databases in minutes, and it’s exceedingly difficult to remove that information (although not impossible, more on that in a second). So, the best thing to do is to recognize threats before you fall victim to them or to avoid threats from coming to you all together.
Know What They’re After
Since cybercrime is evolving constantly and new techniques/grifts are cropping up all the time, one of the most important things to know is what the perpetrators are after.
While there are dozens of different types of cybercrime, the goal is generally one of the following:
Data Harvesting – The act of collecting personal or company data in order to sell to marketers or other scammers. It is difficult to even notice when your data has been harvested. If this happens to you it will likely lead to an increase in spam emails, phone calls, and other targeted attacks. Individuals might try to use your data to “hack” into your personal accounts as well. This type of crime is often used for identity theft or even corporate espionage.
Financial Scams/Extortion – This is what most people think of when they think of cybercrime. Spam phone calls, popup ads, and phishing links are used to trick people into downloading ransomware or to trick people into thinking they owe money to the IRS or that their computer has been infected with a virus that only they can fix. This type of scam preys mostly on the elderly.
Remote Access – This type of cybercrime is on the rise and is dangerous as it could go unnoticed for months. Criminals trick you into giving remote access to your computer allowing them to view your files or install their own software. Recently, a process known as “cryptojacking” has been on the rise which essentially installs software on your computer that mines cryptocurrency using your computer’s resources.
There are of course other goals of cybercrime, but these are the most common goals of criminals. If you keep these general “goals” in mind, you’ll have an easier time identifying cybercrime as its happening. But how do they reach these goals?
Categorizing and Recognizing Threats
Phishing is the most common/well known type of cybercrime. Phishing is the act of “baiting” someone into click a link or downloading a file in order to gain information. Most phishing attempts come in the form of links that appear to be from someone or a company you trust, e.g., Amazon, your boss, or Microsoft. Phishing is common because criminals are able to “cast a wide net” by sending thousands of phishing emails/texts at once. Phishing can also take the form of an advertisement that looks like something you should click, such as a warning that you have a virus or a popup to download something.
Spear-Phishing – This form of phishing not a “wide net” approach and involves a specific targeted attack on an individual or a group of individuals. Spear-Phishing often takes the form of emails that appear to be from your boss or someone you know; in this email they’ll ask for information or ask you to download something to check it out. These can be emails such as your “boss” asking for your phone number or address or asking you to give them your password/login information. They might also send links.
The basic rule of thumb when dealing with any type of phishing attempt is to proceed with caution whenever you’re being asked to click on anything via email/provide your information. Be sure to check the sender’s information by hovering over the sender, it might say your boss’s name, but the URL or phone number might be completely different. Phishing attempts also often use improper grammar or will include irrelevant information that seems out of place. A common recent example of a phishing scam is sending out links to software you might use for work. For example, you might receive an “invitation to download Microsoft 365” from your boss or from Microsoft. There is no product called “Microsoft 365,” so you should already be on high alert. But you might not know that! Next, you should think about whether or not anyone told you that this change was happening or if it even makes sense. If you already have Microsoft Office, then it’s most likely a scam.
Here’s a phishing attempt I received doing exactly that. Notice how strange the email is laid out, Microsoft account followed by a subheading that says Microsoft 365 Enrollment, the grammar is also very clunky and doesn’t sound like something Microsoft or my company would write, so I’m already thinking “okay this is fake.” Phishing attempts will also create a false sense of urgency, in this case there is a deadline to enroll by January 4th, as you can see, I received this email on the 3rd, meaning I better click it right away! Additionally, when I hover over the link to activate my email account the URL isn’t Microsoft or anything I recognize, but a clearly foreign site. Finally, there’s the sender’s information. “Microsoft <[email protected]> comes off as real, but shouldn’t it come from Microsoft.com? And it goes without saying, but again Microsoft 365 isn’t a real product! Office 365 is, and your brain might just make the link right away (which mine unfortunately did), but by just taking one extra second to scrutinize it, you’ll be able to realize “this doesn’t seem real.”
When you think something is a phishing attempt, don’t engage with it. Do not click anything to “see if it’s real” and do not download attachments, even if they’re simply a word document. You can hover over the sender’s email address for more information but that’s about it. You could bring it up to your boss if it applies to them (but do not forward the email). If you’re certain it’s a phishing attempt report the email or simply back out of the email and leave it alone.
If you’re unsure if something is a phishing attempt, ask someone. Just again, definitely do not forward the email. Screenshots, however, are okay. And remember, most spam emails are identifiable simply from the subject line alone!
Common Phishing Attempts
Here’s a couple screenshots of common phishing scams just to help you tailor your expectations:
There are also plenty of newer scams revolving around the pandemic, stimulus checks, rent forgiveness and much more. Pay close attention and avoid engaging in order to make sure you’re protected from this common type of scam!
A Tool Designed to Protect you if you Fall Victim to a Phishing Scam
We all make mistakes, and since these scams are getting better and better, there’s a chance you or a family member might slip up and fall victim to one of these scams. If that’s the case, hopefully no valuable information was given, but if some was, your best bet is using a product like Aura.
Aura is a service that actively scans the internet and monitors all attempts at fraud and cybercrime. Aura is designed to seek out your information that has been stolen and to erase it, protecting you from the threats we listed above.
If you’d like to learn more about Aura, click here.