Cybercriminals have been out in full force to kick off 2017. Malware, data breaches and ransomware scams have been popping up everywhere. We even learned recently that hackers have been stepping up their attacks on Mac computers.
Another favorite ploy for scammers is phishing. In fact, there are a couple of phishing emails making the rounds that you need to know about.
Phishing is an attempt, typically made through an email, to obtain your private information by imitating someone else. The criminals behind these schemes go to great lengths to create emails that appear to be from someone you trust or a legitimate company.
Watch out for fraudulent emails from Amazon and PayPal
Two of the most popular sites for cybercriminals to mimic are Amazon and PayPal, mainly because they are both prominent sites when it comes to online shopping.
Here is a recent example of an Amazon phishing email that came with the subject line: "Your Amazon.com order cannot be shipped."
Unsuspecting recipients who click on the provided link for "account confirmation" will be directed to a fake but convincing "Amazon" webpage. There, they are asked to re-enter their name, address and credit card information.
The whole thing is a sham, of course, and if you enter your information and click "Save & Continue," it is game over. The scammers will now have everything they need. In an effort to keep your suspicion down, they will even redirect you to the real Amazon website when the phishing process is complete.
In a separate attack, you may find a fraudulent email sent to your inbox claiming to be from PayPal. It's an official-looking message sent by scammers, trying to get you to click on a malicious link. Here is what the email looks like:
The email begins by warning the reader that someone is using their PayPal account without their knowledge. It claims that there has been recent activity on their account from a suspicious location. They are then supposed to click on a link to confirm their account.
Warning! Do NOT click on the link inside the email.
If you do, it will take you to a fake login site that was built to steal your credentials and security answers. The site asks you to log in with your current credentials and then asks you to change your password. Since the fake email uses the PayPal logo, it looks official and people are falling for it.
You may have noticed the terrible grammar found in both examples shown above. That's typical of phishing emails: poor grammar and spelling errors are quite common.
With these types of attacks constantly happening, it's good to know how to identify phishing scams. Here are a few suggestions that will help:
How to avoid falling victim to phishing attacks:
- Be cautious with links - If you get an email or notification from a site that you find suspicious, don't click on its links. It's better to type the website's address directly into a browser than to click on a link. Before you ever click on a link, hover over it with your mouse to see where it is going to take you. If the destination isn't what the link claims, do not click on it.
- Watch for typos - Phishing scams are infamous for having typos. If you receive an email or notification from a reputable company, it should not contain typos. Take our phishing IQ test to see if you can spot a fake email.
- Do an online search - If you get a notification that seems shady, you should do an online search on the topic. If it's a scam, there are probably people online complaining about it and you can find more information.
- Check your online accounts - The site Have I Been Pwned allows you to check if your email address has been compromised in a data breach.
- Have strong security software - Having strong protection on your family's gadgets is very important. The best defense against digital threats is strong security software.