If protective programs like antivirus software and firewalls are becoming stronger with each passing day, so are the methods employed by cyber criminals. Despite advances in digital technology, errors in human judgment remain the largest reason for the ubiquity and success of email scams and phishing attacks. Usually the stakes are small, but there are many cases where people end up giving away bank account numbers and passwords. How, then, do you spot an email scam?
Thankfully, they are not that difficult to identify if you know what to look for. Let’s look at a few examples:
- Scams for the gullible (Classic Scams): An ex-CIA agent or a member of the Nigerian royal family is stuck in a tribal war, wants to get out of the country, and needs your help. You'd have to send your bank details so that he can transfer his fortune (something like a few hundred million dollars) to you before his accounts are sealed and any chance of escape is doused. It all sounds too good to be true, and it is. No matter what they tell you—government validation, your winning the national lottery (which you never participated in), random jackpots—giving out your sensitive financial information is a strict no-no. Think about it… why you? Is it realistic?
- Scams for the clever ones (New Age Scams): Now here's a type of scam that is harder to spot and prevent. Much harder. It's called phishing.
Unfortunately, the Internet makes it possible to fake an email address so that a message appears to come from any source, such as Facebook, PayPal or Amazon. The scam works by asking you to log into your account (for verification purposes, saying you've been dormant for a while, there have been system changes, there has been a security breach, etc.). The catch is that the link provided will take you to a fake page that is an exact replica of the genuine login page. If you enter your details there, they are lost to criminals. The email might also have embedded scripts (malicious code) that run as soon as you click on the link, so your computer might also get affected in the process.
So how do you deal with these types of scams and phishing attacks? It is a good idea to be very suspicious to start with and check the link you are asked to follow. To do that, have a look at the page source and find the target link in the href attribute of the anchor tag. It will look like: <a href="<phishing link comes here>">Click here to verify your account.</a>
If you ever get such a verification email, stop and think before you click on it. When you want to check if the email is genuine or not, logging in to the website directly and checking your messages or notifications is a better idea. Just remember, if it looks dodgy, it probably is.