As a self-proclaimed geek, I tend to get questions from people about technology, specifically online technology. Some of you know I have an alter ego known as Girly Girl Geek, the lovable website-creating WordPress Whiz. In this post I tackle the ever-irritating phishing scams.
Hey Girly Girl Geek, How can I tell if an email is really a phishing scam?
Figuring out when an email is SPAM is usually pretty easy. It tends to offer you things like all night stamina and money for nothing. But phishing scams are harder to spot. Oftentimes they look like official email communication from places like your bank, PayPal, and even UPS or FedEx. They have the official logo, and the link looks like it goes to the official website. So how do you tell the difference?
It may seem almost impossible, but there are some things you can do to protect yourself from getting phished and giving unscrupulous people access to your accounts.
1. Don’t open any attachments. Some phishing scams, particularly those claiming to be from FedEx or UPS, tell you to open the shipment info that they’ve attached. No, no, no. Don’t ever open attachments in any email unless you are absolutely sure what they are and that they are from who they say they are. That includes that email from Aunt Judy that just says, “thought you’d like this, open the file.” Just because it says it’s from someone doesn’t mean it is, or that their email account hasn’t been hijacked. When in doubt, contact FedEx, UPS or Aunt Judy via a reliable phone number (not the one listed in the email) and ask if they sent it and why.
2. Don’t click on links. Sure, the link they give says http://support.paypal.com but guess what? You can make a hyperlink say anything you want. For example, this link says it’s going to http://girlygirlgeek.com but it actually takes you to the Wikipedia entry for Phishing. Harmless, but phishing scams aren’t. They can take you anywhere they want, often to a legitimate-looking login page where you unknowingly give them the login info for your account. Yikes!
The best way to avoid this is not to click on links in emails. If something really is from your bank or PayPal, you can go to their site directly (not through the email link) and the message will also be available in your account if it is legitimate. Also, in some email programs, you can hover your mouse over the link and the actual link URL will show either in a pop-up or in the lower left-hand corner of your browser screen for web-based mail.
3. Don’t fall for scare tactics. A lot of these phishing scams will warn you of things like your account being limited, or some other thing that causes you to freak out and makes you more apt to click on a link without thinking. Stop, take a deep breath. Sometimes simply realizing the email has been sent to an email address not associated with your account can prove the email false. So can hovering over the links. If you’re really concerned, contact your bank, PayPal or whoever the email is supposed to be from directly, bypassing any information in the email, even if it includes a phone number. They could be directing you to a phone manned by hackers with the plan to get you to give them your info that way. Use the phone number for your local bank branch or go to the PayPal website by typing in paypal.com and finding their contact info there. Don’t trust anything in the email to be real. And don’t let panic cause you to do something foolish.