I’m the go-to tech person for many of my web design clients. So I’ve helped more than one writer and small business owner when they thought they smelled a phishing scam. Or (worse) when they were already in the middle of one. Today’s tech tip is about how to avoid phishing scams: how to spot the kind of scams that are coming to email inboxes in 2023 and how to handle them.
What is Phishing?
Phishing is when someone is fishing for your personal information. That could be a credit card number, bank account, or other personal details. They’ll use that to get access to your accounts. (This is why you shouldn’t have personal information as part of your passwords. Birthdays, child names, etc. are too easy for people to find.)
It’s common to get them as emails but you can also get them through the contact form on your blog, DM feature on social media, text messages, and phone calls. (“We’ve been trying to reach you regarding your car’s extended warranty…” Then they ask for your personal info to “verify” it’s you.)
What Phishing Looks Like
Phishing emails usually pretend to be from a legitimate company.
The three images above are real phishing scams I’ve received in the last month.
- An email (supposedly) from a local hardware store that came to my email.
- A message (supposedly) from the domain registrar for my author website.
- An email (supposedly) from a software company with an invoice.
My email’s spam filter only caught one of them.
4 Clues That an Email May be Phishing
There are some clues you can use to sniff out phishing. If you’re still unsure, I’ve got tips below on how to handle it.
1. Email Address Doesn’t Match Who They Say They Are
Businesses don’t send emails from random email addresses.
The email address should end in a domain that matches the business name. (….@BusinessNameHere.com). They should NOT be from a free email provider like Gmail, Yahoo, Hotmail, etc.
Depending on your email client, you might have to click “See more” or an arrow to see the full email address.
All three of these scam emails fail this test. That’s why I check the email address first.
2. It’s Too Good to be True
No, that hardware store is not really giving me free stuff with no strings attached.
Businesses and individuals don’t reach out to strangers to give them things for free, no strings attached. If someone has a giveaway, they want something in return – signups to their mailing list, to keep you as a customer, publicity, etc.
3. Unprofessional Emails
Software companies don’t send emails with no subject, no text, no logo, no… anything.
Emails from businesses should look professional. Especially the kind of big businesses phishers like to pretend they are. Real businesses’ bottom line depends on earning your trust which means showing you they do good work – even in email.
4. Purchases You Didn’t Make and Companies You Don’t Use
I’ve never bought Norton Antivirus software, so I shouldn’t be getting an invoice from them. Even if I had bought from them, I haven’t this time. The website domain message wasn’t from the company that I use.
They’re hoping you’ll panic and click a link or call them – then they can get your info.
Yes, it’s possible you were misbilled or (gulp) someone got a hold of your credit card or banking info and made purchases. In the next section, I cover what to do if you’re unsure if an email is legit or not.
What To Do If You Think You Have a Scam Email
If an email has landed in your inbox that you think is suspicious, here’s what to do.
Step 1: DON’T CLICK ANYTHING OR OPEN ATTACHMENTS
Opening the email to read it in your email client is fine. Don’t click on links or download anything – that could install malware.
Step 2: If You’re Unsure, Investigate the Email
Check out the email address. (See Clue 1 above.)
Don’t click on links – but you can hover over the links to see what address it takes you to. In my browser it pops up with a small box in the bottom left of the window. The links may say LegitimateBusiness.com in the email, but it could take you to NastyMalware.com.
In the hardware store email, the image link takes you to a suspicious URL. (See the pic above.)
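Here is the Clue 1 sender check and the Step 2 link check done in code, for readers who want to see exactly what is being compared. This is an added example, not something from the original post: the function name phishing_clues, the sample message, and the .example domains are all made up for illustration, and it assumes a simple HTML-only email.

```python
import email
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse
FREE_MAIL = {"gmail.com", "yahoo.com", "hotmail.com"}  # providers named in the article

def site(value):
    # Host cut down to its last two labels (naive; real tooling uses the Public Suffix List).
    host = urlparse(("" if "//" in value else "//") + value.strip()).hostname or ""
    return ".".join(host.strip(".").split(".")[-2:])

class LinkCollector(HTMLParser):  # gathers (visible text, href) for each <a> element
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def phishing_clues(raw_message, expected_domain):
    msg = email.message_from_string(raw_message)
    sender = site(parseaddr(msg.get("From", ""))[1].rpartition("@")[2])
    clues = []
    if sender in FREE_MAIL:                      # Clue 1: free email provider
        clues.append(("free_mail_sender", sender))
    elif sender != expected_domain.lower():      # Clue 1: not the business's domain
        clues.append(("sender_domain_mismatch", sender))
    collector = LinkCollector()
    collector.feed(msg.get_payload())            # assumes a single-part HTML body
    for text, href in collector.links:           # Step 2: what hovering would reveal
        if "." in text and " " not in text:      # visible text looks like an address
            shown, actual = site(text), site(href)
            if shown != actual:
                clues.append(("link_mismatch", shown + " -> " + actual))
    return clues

# Constructed sample message; the .example domains are placeholders.
SAMPLE = '''From: "Legitimate Business" <billing.dept@gmail.com>
Content-Type: text/html

<p>Invoice: <a href="http://nastymalware.example/pay">www.legitimatebusiness.example</a></p>
<p><a href="https://legitimatebusiness.example/help">Help center</a></p>'''
```

An empty result only means these two checks passed; it does not prove the email is legitimate, so Step 3 still applies.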
Step 3: Still Unsure? Contact the company separately
Don’t click on links or reply to the email! (Yes, I will keep saying that.)
Search for the business’s website – use the contact info there. You’ll be sure you’re talking to the real company, not a scammer. They’ll be able to tell you right away if an invoice or email is legitimate or not.
Step 4: Once You’re Sure…
Mark the message as spam in your email client. This helps your email service catch more scam emails before they hit your inbox.
Delete the email and breathe a sigh of relief.
I think I’ve been phished!
First, take some deep breaths if you need to. Catching it is good – it makes it easier to fix the problem. Here are some steps you should take to protect yourself.
Don’t be afraid to reach out to someone for help. This is not a part of my normal services, but I will help existing clients who are in a pinch. A local IT service or tech-savvy relative may also be able to help you.
Step 1: Run anti-virus software if you clicked links, opened attachments, or downloaded anything. This will help you find and get rid of any malware on your device.
Step 2: Change all your passwords. If scammers have gotten into your accounts, you want to kick them out. Using a password manager like BitWarden will help you set secure passwords and keep track of them.
Step 3: If your bank accounts or credit cards are impacted, call them. They can walk you through how to handle it.
Step 4: Keep an eye on your accounts and address suspicious activity. For instance, report suspicious charges to your credit card company.
Step 5: Install Captcha to prevent spam in your website contact form. Those “I am not a robot” boxes can significantly cut down on the amount of spam you get. If you’ve got Captcha and are still getting a bunch of spam, you can upgrade to a more advanced form of Captcha. (For instance, from reCAPTCHA v2 to reCAPTCHA v3, which lets you tighten up the security.) We can help you with this.
I hope these tips help you avoid phishing scams and handle them when they pop up. I’m happy to help out clients when they’ve got to deal with a phishing scam, but I’d much rather no one get into that situation!