10 Red Flags to Help You Spot a Phishing Scam
Phishing scams have been going on since the advent of the internet. Despite technological advances, scams have been on the rise and cause businesses to lose an average of more than $14 million every year. We recently published an article covering this very issue: "Phishing is a plague that won’t go away." We found that phishing is still a huge problem because it requires a low investment, reaches millions of people quickly, and acts like a wolf in sheep’s clothing. Psychology comes into play as many people will fall for the bait, still opening emails and clicking on links even though half of all messages are fraudulent or malicious.
In addition, cybercriminals have become more sophisticated in executing phishing attacks. According to the FBI, phishing is the most common cyberattack, more than double that of any other digital crime. Although these phishing scams are frequently sent through email, they are becoming more common in text messages and messaging apps. According to Google, 25 billion spammy web pages can be found on the internet.
Chances are, you’re going to be exposed to scams every time you use your computer, smartphone, or mobile device. Phishing happens when a cyberattacker sends a fake, spoofed, or deceptive message attempting to trick you into sharing sensitive information or allowing software to attack your device through malicious links and attachments. Keep in mind that these phishing scams often look like they came from a company you trust and tell a story designed to trick you into taking an action, which opens you up to be attacked.
The key to avoiding becoming a victim of a scam is preventing it from happening in the first place. To do that, we’ve identified 10 red flags to help you spot a phishing scam.
Red flag #1: "We noticed suspicious activity or log-in attempts"
This is one of the most common messages you’ll receive from scammers. Typically, you’ll receive an email or text that appears to be a notification that someone tried to log in or use your account. It could be a bank account, shopping site, payment gateway, or some other type of company, either one you use or a popular one used by many. By sending this type of message, the scammer is hoping that you click the link in the message. The link usually takes you to a fake site that looks like a legitimate company. You’ll be asked for your login information, which the scammer can record and use to access your account on the real website. Once they get into your account, they can change your information and transfer money out. This is called pharming.
Red flag #2: "There’s a problem with your payment information"
Scammers use messages about issues with payments to try to get you to provide sensitive information. They’ll request account login information or credentials that give them access to your money. This approach may use a fraudulent website (pharming) or make the message look like it came from somebody familiar (spoofing). The fake domain name or email address often contains letters that are slightly different from the company they’re pretending to be. Check the headers, return email address, and other indicators that the sender is fake.
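The header check described above, as an added example that is not part of the original article: it compares the From domain with the Return-Path and Reply-To domains and flags a From domain that is one or two characters away from a trusted one. The sample message, the examplebank.com domain, and the function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def domain_of(header_value):
    """Lower-cased domain of the address in a header, or '' if absent."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def sender_red_flags(raw_message, trusted_domains):
    """Return a list of findings about the sender of one raw e-mail."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg["From"])
    findings = []
    # A bounce or reply address on a different domain than the visible sender.
    for name in ("Return-Path", "Reply-To"):
        other = domain_of(msg[name])
        if other and other != from_dom:
            findings.append(f"{name} domain {other} differs from From domain {from_dom}")
    # A sender domain that is almost, but not exactly, a domain you trust.
    if from_dom not in trusted_domains:
        for good in sorted(trusted_domains):
            if 0 < edit_distance(from_dom, good) <= 2:
                findings.append(f"From domain {from_dom} is a near match for {good}")
    return findings

# Constructed sample message (not a real e-mail); all domains are placeholders.
SAMPLE = """\
Return-Path: <bounce@mailer-example.net>
From: "Example Bank Support" <alerts@examp1ebank.com>
Reply-To: help@examp1ebank.com
Subject: There's a problem with your payment information

Please sign in to update your card.
"""

if __name__ == "__main__":
    for finding in sender_red_flags(SAMPLE, {"examplebank.com"}):
        print(finding)
```

A differing Return-Path also occurs in legitimate bulk mail sent through a mailing service, so treat these findings as reasons to look closer rather than as a verdict.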
Red flag #3: "Please confirm your account information"
Notices about confirming your account information are another way to get you to log in to a fake website or app. The scammers record the information as you enter it and then use it to get to the real account. You may fall victim to this through spoofing or pharming scams. Messages received frequently look like they came from a bank or other financial institution. In addition, it's not uncommon for scammers to make you think your crypto account is in jeopardy. Recently, Telegram messaging app users have been receiving alerts to verify their Coinbase or similar crypto wallet credentials.
Red flag #4: "See enclosed invoice"
You’ll often see this in an email, making you think that you owe money for something. In many cases, you may not recognize the company name and information. In other cases, it could be a well-known company or one you’ve used in the past. Scammers send these messages typically with links to bogus websites or instructions to download the invoice to view it. Downloads frequently contain malicious software or malware that can be installed on your device to gain access to personal information.
Red flag #5: "Register for a government refund"
In the wake of the pandemic, when a large number of people have received personal and business relief payouts, it’s common to still see scams about government refunds. These phishing scams may try to trick you into accessing a website, downloading a document, or providing sensitive personal information. The Internal Revenue Service (IRS), Small Business Association (SBA), and various other government agencies never process funds through email, phone calls, etc.
Red flag #6: "Here’s a coupon for free stuff"
Coupons, gift cards, free stuff, prizes, etc., are all red flags that commonly grace consumer emails and text messages. As they say, if it sounds too good to be true, it probably is. That goes for scams as well. Often, this type of phishing tries to get you to pay shipping or other fees or provide personal identity information before you can claim your special gift or prize. Unless you recognize the message as something that you’ve gotten or applied for, chances are it’s fake. In addition, if you’re asked to pay for something that’s supposed to be free or won in a contest, chances are it’s a scam.
Red flag #7: "Hello dear"
No reputable, professional company is going to send you an email or other message that says, "Hello dear!" That’s an obvious red flag in word usage. Similar to these strange types of salutation, you may also notice emails or texts that contain errors in grammar and spelling. Frequently, it’s a telltale sign that the scammers are from another country where English is not their native language.
Red flag #8: "I have an extra Nitro account for free"
Like Telegram, Discord messaging has seen a rise in phishing scams. While you may have already heard about Bitcoin giveaway scams, there's a new one that's wreaking havoc on users. Discord Nitro is a paid membership service that gives you extra perks that make you stand out on the platform (e.g., better emojis, animated avatars, etc.). As a hot commodity, criminals are claiming they have free Nitro accounts to give away. The link they provide goes to a fake Discord login page, where they gain access to your credentials. Sometimes, scammers will prompt you to connect your Stream account as well.
Red flag #9: "Please confirm or your blue badge Twitter account will be deleted"
Twitter accounts for businesses, famous people, and influencers with large followings are often verified as being legitimate by showing a blue badge. That way, customers and fans know that the account is real and trustworthy. Failure to have this verification on a Twitter account can be detrimental for a brand. That's why phishing scams frequently target blue badge accounts, tricking owners into clicking a fake Twitter support link to confirm their information.
Red flag #10: "You've infringed on a copyright"
Instagram is another social media site that's not immune to phishing scams. In this case, you'll receive a message warning you that you've infringed upon somebody's copyright and need to respond to avoid losing the account. You'll be instructed to click a link that looks like it's from Instagram's support staff. However, the link is used to collect your login credentials.
Scammers have been increasingly using email, social media, and apps to send phishing messages. If you regularly use your computer and mobile devices, then you’ve likely run across these notifications. Unfortunately, even though most people are aware of phishing scams, they’re still sometimes tricked into thinking links to websites or downloadable attachments are the real thing.
At FYEO, we’re developing a product designed to address phishing at the browser level via an app extension called FYEO Agent (coming soon). This is important because phishing is no longer isolated to email. Instead, malicious links can come from Discord, Telegram, Twitter, and other social media sites and apps, and it’s a plague that isn’t going away in Web3. Our beta version of FYEO Identity is currently available for use on Chrome and Brave browsers and on iOS and Android mobile devices! Sign up today and be added to our invite list along with other early adopters.