When you learn to spot the signs of phishing, you can better protect yourself and your loved ones against phishing scams.
Phishing is a method that cyber criminals use to fraudulently obtain your personal and financial information, such as your login details, bank account numbers and credit card numbers. They often disguise themselves as a legitimate individual or reputable organisation in email, instant messaging and other communication channels. Once cyber criminals obtain your personal information, they could gain access to your online accounts, and even impersonate you to scam the people around you, such as your family, friends and business partners.
As cyber criminals come up with increasingly convincing and sophisticated methods of phishing, we must be prepared for what might come our way. To prevent yourself from becoming a victim of phishing scams, learn to spot the signs of phishing.
How to Spot the Signs of Phishing
Here are six signs to look out for when you encounter a potential phishing scam:
Mismatched and misleading information
Cyber criminals will attempt to mislead you into believing that the information you see is genuine. To ensure you do not fall for their tricks, study the information closely.
For emails, look out for a sender’s email address that may look similar to a company’s official email address. Hover your mouse cursor over links in emails. When your mouse cursor hovers over a link, a small window will appear above the link to show you the actual URL, which is the real destination of the link. If the links are mismatched, it is a strong indicator that something ‘phishy’ is going on. If you are using a mobile device, long-press the link to display a window with the actual URL. Be careful not to tap and open the link!
For websites, don’t be deceived by how they look. Cyber criminals can easily create phishing websites that are visually similar to legitimate websites. To distinguish the two, take note of the URL in the address bar of your web browser. Cyber criminals often use tricks such as substituting letters in a URL to mislead you into thinking that you are on a legitimate website e.g. www.paypa1.com instead of www.paypal.com.
Use of urgent or threatening language
By pressuring you to reply quickly or issuing ultimatums, criminals hope to instil panic and fear to trick you into providing confidential information. Be wary of emails with phrases such as ‘urgent action required’ or ‘your account will be terminated’. If you have good reason to believe it is a scam, delete the message immediately.
Promises of attractive rewards
False offers of amazing deals or unbelievable prizes are commonly used by cyber criminals to encourage you to act immediately. If all you need to do is click on a pop-up or complete an email survey to win a free trip to Europe, it is safe to presume that it is a phishing scam. Remember the old adage, ‘If it sounds too good to be true, it probably is’.
Requests for confidential information
Most organisations will never ask for your personal information such as NRIC, login credentials and credit card details to be sent over the Internet. If the sender claims to be from your bank and requests your bank account number, it should raise a red flag immediately. When in doubt, contact the company directly to clarify, but be sure not to use the contact information provided in the email.
Unexpected emails
Cyber criminals often test their luck by sending mass emails to large groups of people, in hopes that someone responds. If you receive an email about an invoice for an item you did not purchase, do not click on the links and attachments and delete the email immediately.
Suspicious attachments
Cyber criminals include attachments in their emails as a method to infect a user’s device with malware and steal their data. It may be instinctive to open attachments we receive but it is important to exercise caution. Look out for suspicious attachment names and file types. If the attachment is for something you have no recollection of or uses an uncommon file type such as .exe, trash it.
By keeping these six signs in mind and remaining vigilant at all times, you can avoid falling for phishing scams.
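The hover check from the first sign can also be automated for an HTML email body. The sketch below is an added example, not SingCERT code: it compares each link's visible text with its real destination and flags look-alike hostnames such as www.paypa1.com. The names KNOWN_DOMAINS, CONFUSABLES, host_of, same_site, LinkCollector, check_links and SAMPLE are assumptions made for illustration, and hostnames are compared as written, without a public-suffix list.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

KNOWN_DOMAINS = {"paypal.com"}               # sites you really use (constructed)
CONFUSABLES = str.maketrans("1035", "loes")  # digit -> the letter it imitates

def host_of(text):
    """Hostname of a URL or bare hostname, minus 'www.'; None otherwise."""
    words = text.split()
    url = words[0] if len(words) == 1 else ""   # ordinary link text is not a URL
    try:
        host = urlsplit(url if "://" in url else "http://" + url).hostname or ""
    except ValueError:                          # malformed URL in the message
        return None
    host = host.rstrip(".")
    return host.removeprefix("www.") if "." in host else None

def same_site(host, domain):
    return host == domain or host.endswith("." + domain)

class LinkCollector(HTMLParser):  # gathers (visible text, href) per <a> element
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), ""
    def handle_data(self, data):
        self._text += data
    def handle_endtag(self, tag):
        if tag == "a" and host_of(self._href or ""):
            self.links.append((self._text, self._href))
            self._href = None

def check_links(html):
    """Return (href, reason) findings for one HTML email body."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for text, href in collector.links:
        target, shown = host_of(href), host_of(text)
        if shown and not same_site(target, shown):   # text names another site
            findings.append((href, f"text shows {shown}, link goes to {target}"))
        skeleton = target.translate(CONFUSABLES)     # undo digit substitutions
        findings += [(href, f"{target} imitates {d}") for d in KNOWN_DOMAINS
                     if same_site(skeleton, d) and not same_site(target, d)]
    return findings

SAMPLE = '<a href="http://www.paypa1.com/login">www.paypal.com</a>'  # constructed
```

An empty result only means these two checks found nothing; the other five signs still apply.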
If you are a victim of a phishing scam, here’s what you can do:
Change your password immediately. If the revealed password is used on your other accounts, change those too. When creating a new password, be sure to use a different password for each of your online accounts.
SingCERT encourages the reporting of cybersecurity incidents as it enables us to better understand the scope and nature of cyber incidents in Singapore. This will enable us to issue alerts or advisories on relevant threats, and assist a broader range of individuals and organisations.