How To Protect Yourself Against Fraudulent Phishing Emails And Messages

 

Everyone would like a make a quick buck without the hard work involved. However, not everyone is always looking to take the honest route to achieve this. Some are willing to scam others out of their hard earned money.

Fraudster’s like these have created a system knows as phishing, vishing and smishing. These titles alone tell you that they are up to no good.

iTouch has always taken severe steps in fraud prevention and has been actively involved in the creation and updating of the Mobile Fraud Framework. With more and more cases of phishing being reported each week we thought it would be a good idea to educate online users in order to so you can recognise the signs before you fall victim to these scams.

What Is Phishing, Vishing and Smishing?

Phishing emails request that users click on a link in the email which leads them to a “spoofed” website, intended to fool users into thinking that it is an authentic attempt to obtain, confirm or update contact details or other sensitive financial information.

Vishing is when a fraudster phones their victim posing as a bank official or service provider to manipulate them into disclosing confidential information. This information is then used to defraud the victim.

Smishing, short for “SMS phishing” is like phishing, except that a user is tricked into downloading malware onto their mobile device which is then used to obtain sensitive information fraudulently.

How To Identify These Cases?

There are some characteristics to looks for that will immediately help you to identify that it is a phishing email or message.

• Ultimatum: An urgent warning attempts to urge you into responding. E.g. ‘Warning! You will lose your email permanently unless you respond within 7 days’.
• Incorrect URLs: Scammers may obscure URLs by using hyperlinks that appear to go to a reputable site that often contains a series of numbers or unfamiliar web addresses. Rest your mouse over any suspicious links to view the address of the link.
• Too good to be true offer: Messages about contests you did not enter or offers for goods or services at an unbelievable price are likely fraudulent.
• Style inconsistencies: Pop-up windows that claim to be from your operating system or other software may have a different style or colours than official notifications. Messages that claim to be from a reputable organisation may be missing branding aspects such as a logo.
• Spelling, punctuation, or grammar errors: Some messages will include mistakes.
• Attention-grabbing titles: "Clickbait" titles (e.g., "You won't believe this video!") on social media, advertisements or articles are sensationalist or attention-grabbing and sometimes lead to scams.

How To Protect Yourself?

1. Be sensible when it comes to phishing attacks

   Be wary of emails asking for confidential information – especially if it asks for personal details or banking information. Legitimate organisations, including and especially your bank, will never request sensitive information via email.

2. Watch out for shortened links

   You should pay particularly close attention to shortened links, especially on social media. Cybercriminals often use these – from Bitly and other shortening services – to trick you into thinking you are clicking a legitimate link, when in fact you’re being inadvertently directed to a fake site.

   You should always place your mouse over a web link in an email to see if you’re actually being sent to the right website.

3. If the email looks suspicious, double check

   These phishing emails will be punctuated with plenty of typos, words in capitals and exclamation marks. They may also have a detached greeting – think of those ‘Dear Customer’ or ‘Dear Sir/Madam’ salutations – or include farfetched and generally surprising content.

4. Be wary of threats and urgent deadlines

   Sometimes reputable companies do need you to do something urgently. For example, in 2014, eBay asked its customers to change their passwords quickly after its data breach.

   However, this is an exception to the rule; usually, threats and urgency – especially if coming from what claims to be a legitimate company – are a sign of phishing.

   Some of these threats may include notices about a fine, or warning you to do something to stop your account from being closed. Ignore the scare tactics and contact the company separately via a known and trusted channel.

5. Browse securely with HTTPs

   You should always, where possible, use a secure website (indicated by https:// and a security “lock” icon in the browser’s address bar) to browse, and especially when submitting sensitive information online, such as credit card details.

   Also, you should never use public, unsecured Wi-Fi for banking, shopping or entering personal information online. When in doubt, use your mobile’s data plan.

Always Look Out For The Signs

Now that know you have the tools and the knowledge, you can protect yourself and your finances much better. In this case, prevention is better than a solution.

Contact Us for Innovative Solutions

iTouch is one of the few messaging companies in Africa that abide by GDPR and POPI security standards. If you need assistance in building effective messaging solutions for your business, contact us to see how we can help. 

Sources:

• Welivesecurity.com
• Umass.edu