Phishing is an attempt to trick you into giving up confidential information or to gain access to your computer system. Cybercrime is becoming increasingly sophisticated and many people have been victims of cyber attacks. Phishing is the most common form of cyber attack and anyone with an email address can fall victim. It is therefore very important to know what phishing emails look like.
Examples of phishing emails
The use of fake emails is the most common way for hackers to phish. Phishing emails can take many different forms and claim to come from a wide range of companies. It could be your bank threatening to close your account, or Nets discovering a problem with your key card. A common feature of the vast majority of phishing emails is that the sender needs your personal information. Hackers often pose as public authorities, such as the Swedish Tax Agency, because it is a trusted institution.
The content of fake emails
A phishing email will typically include a link that you are asked to click on. This link will take you to a fake website that looks like the login page of the real website. When you enter your private information, the hackers will gain access to it. Sometimes the links may also lead to malicious software that is downloaded onto your computer when you click on the link.
Many years ago, phishing emails were almost always characterised by bad language with spelling mistakes and strange grammatical constructions. It is still possible for phishing emails to contain spelling mistakes, but machine translation has improved a lot in recent years and cyber criminals have also become more professional. Today, phishing emails often contain good, formal and trustworthy language.
Cyber criminals use different strategies to lure information from you. For example, they encourage you to react quickly by including deadlines. They may also imitate logos of real companies to increase credibility. Phishing emails also typically include threats or warnings of negative consequences, such as closing an account or charging you money if you don't do as they say.
As well as paying attention to the content of suspicious emails, it's always a good idea to check the sender. If the sender's email address contains numbers or characters that shouldn't be there, there's good reason to believe it's a phishing email. Often hackers use domains in their email addresses that look like the real company domain, but there is a slight difference, such as a zero instead of an 'o' or an extra letter that is difficult to catch.
Cyber criminals can use various techniques to hide the URL of the links in their phishing emails. They can hide the URL behind link text, e.g. "click here", where "here" is the link itself. They can also display a whole hyperlink that looks real while the underlying link points somewhere else. In most email programs, you can hover over the link to see the real URL.
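The sender check and the link check described above can also be automated. The following Python code is an added example, not part of the original article: it flags a sender domain or link target that closely resembles a trusted domain, and any link whose visible text shows one host while the underlying URL goes to another. The domains, the sample message, the function names and the 0.9 similarity threshold are all constructed for illustration.

```python
import re
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlparse
TRUSTED = ("nordbank.example",)   # constructed: domains you really deal with
URLISH = re.compile(r"^(https?://)?[\w-]+(\.[\w-]+)+(/\S*)?$", re.I)
SENDER = "Nordbank Support <support@n0rdbank.example>"   # constructed sample
BODY = ('<a href="https://nordbankk.example/login">click here</a>'
        '<a href="https://login.attacker.example/">www.nordbank.example/login</a>'
        '<a href="https://www.nordbank.example/help">www.nordbank.example/help</a>')

def lookalike_of(domain):
    """Return the trusted domain that lowercase `domain` imitates, or None."""
    if any(domain == t or domain.endswith("." + t) for t in TRUSTED):
        return None               # the real domain or one of its subdomains
    return next((t for t in TRUSTED if SequenceMatcher(None, domain, t).ratio() >= 0.9), None)

def host(url):
    return (urlparse(url if "//" in url else "//" + url).hostname or "").lower()

class LinkCollector(HTMLParser):  # collects (visible text, href) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def check_email(sender, html):
    findings, collector = [], LinkCollector()
    domain = sender.rsplit("@", 1)[-1].strip("> ").lower()
    if (t := lookalike_of(domain)):
        findings.append(f"sender domain {domain} imitates {t}")
    collector.feed(html)
    for text, href in collector.links:
        target = host(href)
        if URLISH.match(text) and host(text) != target:
            findings.append(f"link text shows {host(text)} but goes to {target}")
        elif (t := lookalike_of(target)):
            findings.append(f"link target {target} imitates {t}")
    return findings

print("\n".join(check_email(SENDER, BODY)))
```

The third link in the sample is genuine (text and target agree on a trusted domain) and produces no finding.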
Take care of your confidential information
Here are some tips on how to protect your personal information and avoid phishing scams.
- Always be suspicious of emails you don't usually receive or don't expect to receive. If you don't know the sender or the company, it's most likely a fake email. If you know the sender but don't expect to receive an email from them, contact the company to check that they have sent the email. You can also look out for announcements from the company itself, which will report when fake emails are circulating.
- Always be suspicious of email attachments. If you are sent an attachment unexpectedly, it is a good idea not to open it or reply to the email until you have confirmation that it is from a genuine sender.
- Never send sensitive information by email. A bank or Nets, for example, would never ask you to send such information by email. If a company does not have the correct information, they will refer you to your account on their website.
- Make sure you have antivirus software and update it regularly. The program can intercept spam emails and spam files.
- Never access an account on the Internet through a link in an e-mail. For example, if you need to use your credit card to pay money to your bank or update your codes for Nets, go to the company's website through a search engine.
Avoid phishing on social media
Although phishing through email is the most common form of phishing, in recent years phishing that is more targeted at mobile devices has started to appear, for example through social media or text messages. SMS phishing, also known as smishing, has been around for a while. Phishing can also be done through phone calls. This is called vishing.
Many people now use their mobile phones more than their computers, which is why hackers have started using Facebook and other media to send fake messages. So if you get suspicious messages sent over Facebook, or a strange pop-up message appears, don't reply or respond to them.
Have you been hit by fake emails?
If you follow the advice in this blog post, it's possible for you to stop the damage before it happens. But if you've been hacked and scammed out of money or given up personal information, there are still things you can do to fix the problem.
Sofie Meyer is a copywriter and phishing aficionado here at Moxso. She has a master's degree in Danish and a great interest in cybercrime, which resulted in a master's thesis project on phishing.