5 tips to avoid getting phished in by email scams


Scott Boyd

March 21, 2017

Travel and lifestyle

The internet is a wondrous technological advancement that has made the world a smaller place, where virtually everyone is connected with everyone else. But the problem with the internet is that it has made the world a smaller place, where virtually everyone is connected with everyone else.

In other words, even though you can now access incredible amounts of information, or easily communicate with someone on the other side of the world all with just one click, you must also be on the watch for those determined to use technology to steal your personal information. And all too often, it's the victims themselves who are tricked into providing these details. So to help you avoid a similar fate, here are 5 tips to keep in mind when browsing your emails.

1. Verify the email sender

“Phishing” is an attempt to cause the recipient of an email to either reply directly to the email, or to click on a link to another website that instructs them to provide personal and actionable data. This includes information such as credit card numbers, bank account details and passwords.

One common phishing tactic is sending an email from what appears to be a legitimate financial institution, asking the recipient to “confirm” account details by providing their account number. This type of message should immediately raise a huge alert. After all, if the email truly was from your bank, wouldn’t they already have your account details?

2. Never click on a link to access your bank account

Related to the previous tip, never click on a link in an email to access your bank account. Good phishers can set up a fake login page that, to the casual eye, is a dead ringer for your actual login page. This is known as “spoofing”, and unless you’re paying close attention, you may not notice that you're on a fake page until after entering your account or credit card details. And by then it will be too late, as the phishers will have already captured your details, and will have everything they need to access your account or make a charge on your credit card.

This is why it's always good practice to enter the URL (i.e. web address) for your bank login page into the browser yourself, or to select it from your Bookmarks or Favourites list. This ensures you're actually going to the page you intended, and not a fake site. Also, look for “https://” and the closed lock icon in your browser’s address bar, as this indicates that you're on a secure site and not a potentially “spoofed” site.

3. Keep your antivirus software up to date

To protect against programs designed to harm your computer (i.e. “malware”) and other viruses, it's critical to have antivirus protection on your computer. It's equally important to keep the software current, as new forms of attack viruses are continuously being released by those looking to cause harm.

The most common means of tricking people into clicking on a link and launching an attack is known as a Trojan Horse email. Attachments and links in these emails can hide various forms of malware, and can do all kinds of damage including opening a “backdoor” to your computer. This can allow an attacker to access your computer at a later time, and potentially retrieve your passwords.

In addition to keeping your antivirus software up to date, be sure to keep your browser current as well. The leading browsers frequently release updated security patches to detect phishers and Trojan Horse-style attacks.

4. Watch out for popups

There's a reason most browsers block popup windows: they are a common way to obtain confidential user data. Popups are designed to look like part of the application or web page you're currently viewing, but in reality they are forms that capture and send the information you enter to another target.

If you encounter a popup window that you feel is questionable, don’t click the “Close” or “Cancel” buttons in the window, as they could be programmed to launch an attack. Instead, close the popup window by clicking the “X” in the window title bar in the upper corner of the window.

5. Look for fake email tip-offs

Sometimes it’s the simple things that can tip you off that an email is not as it appears. For instance, an email purportedly from a large financial institution is not going to have spelling or grammar mistakes, and the existence of either should immediately raise concerns. As well, sentences in bold or contrasting colours urging you to “act now to avoid the cancellation of your account”, or some other form of over-the-top rhetoric, should also receive special attention.

While it is unfortunate that it's necessary to take such steps to protect yourself while online, the reality is that there are people out there looking to take advantage of any vulnerability. Keeping these tips in mind will help you protect your information, but nothing is foolproof. Ultimately, if you receive an email or online invitation and it just doesn’t feel right, your instincts are probably on the right track, and you should delete the email in question.