When we started warning you about phishing scams years ago, they were much easier to spot. Criminals were more careless back in the day and would regularly send emails full of typos and bad grammar.
Fast forward to today and crooks are using sophisticated tools to spoof messages and websites that make them look real. Phishing emails now can include official company logos that make them seem legit. Tap or click here to see a recent phishing scam making the rounds.
Since Black Friday is right around the corner, scammers are taking full advantage of the shopping holiday. You really need to watch for these email scams.
Criminals are going phishing for Black Friday
Whenever a major story goes viral or a massive data breach occurs, scammers pounce to take advantage of it. That’s because they know many people are aware of what’s going on and won’t think twice if they get an email that’s on topic.
The problem is, many of those emails that seem like they’re coming from legit companies are actually fake. And the problem is getting much worse.
What’s happening now is, scammers are spoofing website URLs and making one little tweak that you might not notice. The web address is spelled correctly, but instead of using all of the proper letters, they’re replacing at least one with an ALT code that adds an accent.
For example: instead of using a typical lower-case “e,” as you see in “Best Buy,” a scammer could replace it with an “é.” Notice the little accent mark on top of the “e.”
Anyone can do this by holding the Alt key and typing 0233. It results in what’s called the “e acute” ALT code. So instead of going to the official Best Buy site, you could be clicking on a link to a spoofed Best Buy page.
Since Black Friday is this coming week, scammers are sending phishing emails to unsuspecting victims, hoping to catch them off guard. Some of the messages even look like Black Friday ads with too-good-to-be-true sales on things like TVs, laptops and designer goods.
Remember, if it seems too good to be true it probably is. If you do see an ad with an extremely cheap deal, make sure you go to the official website of the retailer and verify the item is on sale. Be careful to type in the exact URL without any typos.
How to avoid falling victim to phishing scams
Be cautious with links
The most important rule to outsmarting phishing scams is to avoid clicking on malicious links. That means you shouldn’t click on web links or open PDF attachments found in unsolicited email messages — it could be a phishing attack.
If you need to conduct business with any company, it’s always best to type its web address directly into your browser. Never trust a link that’s inside a message.
Have unique passwords for every online account
Another mistake many people make is using the same password for multiple websites. This is a terrible idea. If your credentials are stolen from one site and you use the same username and/or password on others, it’s easy for the cybercriminal to get into each account.
Also, it should go without saying, but online accounts are so much easier to break into with simple passwords. So if you’re still using “password1234,” stop doing this. Stop yesterday.
Never send payments through unsolicited messages
If you do happen to receive an unsolicited email, do not send payment or reply with personal information. You don’t want it to fall into the hands of criminals.
If a company you do business with on regular basis emails you and asks for personal information, type the company’s official web address into your browser and go there directly to be safe. Or, give them a call using a trusted phone number, like those found on the back of your debit or credit card.