HOW TO DETECT AN ONLINE SCAM
Scammers are out there with questionable emails, dodgy websites and many other tricks to get you. But how can you identify one?
In the modern age of the internet, cybercrime is on the rise. Cybercrime is predicted to cost the world $10.5 trillion annually by 2025, according to Cybercrime Magazine. If it were ranked as a country, cybercrime would be the world’s third-largest economy after the U.S. and China.
One common way of targeting users online is the phishing scam. Scammers attempt to get sensitive information by posing as a trustworthy and legitimate source. They aim to deceive you into giving out personal details such as credit card or bank account numbers, passwords, national identification number, date of birth, driver’s licence and other sensitive information.
In this blog, we will cover two phishing scams that you are most likely to encounter during your online activities.
Phishing emails claim to be sent from a legitimate or well-known source, such as Amazon, banks and so on.
In the mail, they will often tell you to click on a link to resolve the issue raised with you. Clicking on this link will often take you to a fake website, or download/open an attachment that installs malicious software on your device.
It is common for phishing emails to create a sense of seriousness to mislead you and urge a quick response. This might be achieved by:
- Asking you to renew your password
- Citing a purchase you did not authorise
- Warning you about unauthorised activity on your account
- Pitching you an unbelievable get-rich-quick offer
Know what to look for in a phishing email
- Phishing emails will not address you by your name. Rather, they will use greetings like “Dear customer” because similar emails are sent to many different people.
- Be wary of attachments and watch out for links to a phishing website.
- Be on the lookout for spelling and grammatical errors. These are signs of a potential scam.
- Check if the email address of the sender is authentic. If the domain name (the part of the email address after the @ symbol) is different from that of the business, it is a sign that the email is not real.
- Don’t rush. Scammers like to create a sense of urgency, so take your time to determine if the email is genuine or not.
- Look for mentions of activities you have not performed, such as login attempts or purchases.
- Look for unexpected attachments and requests for certain information.
What to do
- The best thing to do is to ignore a phishing email. Don’t visit any site or download any file attachment from such an email.
- Don’t open phishing emails at all if possible.
- If you receive a concerning email about an account, safely check your account history by logging in to the site through its proper URL. Don’t use the link from the email unless you trust it.
Mailing services like Gmail automatically move emails identified as unreliable to your spam folder. However, there are extra security settings you can enable to protect your business or personal mail. Here is an article from Google about hardening your mail service against phishing: Google Support
Links to a fake website pretending to be from an authentic source are sent through a phishing email or SMS. The site disguises itself as the original by using a similar-looking domain name, and can copy the interface of the original website to trick you into believing it is authentic (this is called spoofing).
Depending on the scenario, the phishing email might set up a fake situation and instruct you to resolve it urgently. The link attached to the email might then take you to a fake login page or a page asking for your credit card information.
Example of fake domain:
The above website can be easily detected if you are familiar with the real domain name. However, there are more advanced ways of making a domain name look similar to an authentic one.
In a “homoglyph attack”, the scammers use foreign characters that look similar to the letters of the genuine domain name. A familiar example of this attack was illustrated by Xudong Zheng in 2017, who used homoglyphs to create a fake Apple website. Here is the link: https://www.аррӏе.com. Don’t worry, this link is completely safe to use.
Most browsers, however, will convert foreign characters to Punycode. This means that https://www.аррӏе.com will appear in the URL bar as https://www.xn--80ak6aa92e.com. So be on the lookout for domain names that change from the original.
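The Punycode conversion described above can be reproduced to screen a link or a sender address before trusting it. The following is an added example, not code from the original post; the `LOOKALIKES` table is a small constructed sample, and the function names and the list of trusted domains are assumptions made for illustration.

```python
import unicodedata
from urllib.parse import urlsplit

# Constructed sample of Cyrillic letters that resemble Latin ones. A real
# check would use the full Unicode confusables data instead of this table.
LOOKALIKES = {"\u0430": "a", "\u0440": "p", "\u0435": "e", "\u043e": "o",
              "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u04cf": "l",
              "\u0456": "i", "\u0455": "s"}

def host_of(value):
    """Return the lowercase host from a URL or from an email address."""
    value = value.strip()
    if "://" in value:
        return (urlsplit(value).hostname or "").lower()
    return value.rsplit("@", 1)[-1].lower()

def to_ascii(host):
    """Punycode every non-ASCII label, the form shown in the URL bar."""
    return ".".join(
        label if label.isascii()
        else "xn--" + label.encode("punycode").decode("ascii")
        for label in host.split("."))

def scripts(label):
    """Set of Unicode scripts (LATIN, CYRILLIC, ...) used by the letters."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if ch.isalpha()}

def skeleton(host):
    """Replace known lookalike characters with their Latin counterparts."""
    return "".join(LOOKALIKES.get(ch, ch) for ch in host)

def check(value, trusted):
    """Return (ascii_host, findings) for a URL or sender address."""
    host = host_of(value)
    ascii_host, findings = to_ascii(host), []
    if ascii_host != host:
        findings.append("non-ASCII characters in domain")
    if any(len(scripts(label)) > 1 for label in host.split(".")):
        findings.append("mixed scripts in one label")
    skel = skeleton(host)
    for real in trusted:
        genuine = host == real or host.endswith("." + real)
        if not genuine and (skel == real or skel.endswith("." + real)):
            findings.append("looks like " + real)
    return ascii_host, findings

if __name__ == "__main__":
    # The homoglyph domain from the text above, written with escapes.
    url = "https://www.\u0430\u0440\u0440\u04cf\u0435.com"
    print(check(url, ["apple.com"]))
```

The same `check` call accepts a sender address, so it also covers the earlier advice to inspect the part of the address after the @ symbol.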
Website Spoofing Clues
- If the padlock icon is missing in the URL bar, the website is not secure and it’s likely to be spoofed.
- The URL uses “HTTP”, not “HTTPS”. Don’t trust sites that don’t use the HTTPS prefix. HTTPS on its own does not prove a site is genuine, because spoofed sites can use it too.
- To protect against automatically logging in to a spoofed website, use a password manager. If the password manager does not recognise the website, it won’t autofill login details.
- Suspicious “contact us” information, broken links, spelling errors and missing social media badges are all indicators that the website has been spoofed.
In summary, remember that scammers:
- Try to gain trust by claiming to be from a well-known business or impersonating a known contact.
- Are known to appeal to your emotions and try to manipulate you as they see fit.
- Create a sense of urgency to get you to act without thinking.
- Will suggest their own verification procedure just to appear legitimate, like going to their website to give personal information or calling a number they provided to you.