Phishing Scams – Let’s Break Them Down
Phishing scams are socially engineered scams created by hackers to infect the devices of their unsuspecting victims. They use different platforms such as email or text to send a message to their target and trick them into clicking on malicious links, entering in personal information, or giving access over to the bad actors.
Below we have examples of a phishing email and phishing text message which we broke down to show you some red flags to look out for when opening your inbox.
- Fake Email Address
By just scanning this email at first, you might not notice the spelling mistake in the email address. Phishing emails do not come from legitimate email addresses and often contain spelling mistakes, several numbers, or a first or last name that do not match the name of the sender. They can also get tricky by replacing O’s with zeros and L’s with ones so look closely.
2. Not Using Your Name
Dear SunTrust Client,
If customer care had taken the time to view your account or profile and notice suspicious activity, they definitely know your name. In the case of banking or doing any kind of business or transaction, organizations take the time to use your first or last name to address you and not just ‘client’.
3. Extra Spaces
As part of our security measures…
When scanning over the email you may be drawn to the extra space in between those words in the first line and think it was no big deal – maybe whoever wrote it accidentally pressed space twice. However, like you, the person that wrote the email would also notice the obvious gap between the words when proofreading the email and would likely fix the mistake.
4. Name of Company Not Capitalized
…suntrust Online Banking
Although spelling mistakes happen, it almost never occurs when typing out the name of the company. As you can see in this line, neither the ‘S’ nor the ‘T’ is capitalized. Branding is important to every company and this mistake would never happen.
5. Incorrect Grammar
We recently contacted you after noticing on your online account, which has been accessed unusually.
In phishing emails, there are often instances of incorrect grammar or improper sentence structure like in this sentence. A quick proofread and the writer would have noticed that this line doesn’t really make a whole lot of sense. It’s not that the hackers don’t know proper grammar, English may not be their first language or they use translation tools that aren’t very accurate. These errors are quite common.
6. Some Kind of Link
The way these scams work is the message prompts users to click on some kind of link or download a file this is how the hackers get in. The link will take you to a malicious website where the hackers are then able to gain access to your device and download malware onto it. The same goes for downloaded files. The files users are asked to download contain malicious code which will install the malware once downloaded. They can’t get in without your help so they have links to trigger an action that will give them what they need.
7. No Capitalization
call us at….
Another place where there is lack of capitalization however, this one is at the beginning of a sentence. Most devices have auto capitalization or just a simple proof read would catch this mistake, and it is very common among fraudulent messages so look out for this.
8. Fake Phone Number
Firstly, 786-8789 does not spell out SUNTRUST nor does it even have the right amount of letters/numbers to match up. Also, a quick Google search would show you this number is not connected to SunTrust and there are a number of different ways to contact SunTrust, none of which are the number in this email. Checking the legitimacy of the contact info or any kind of contact info is a good way to find out whether it is a scam or not.
Another form of phishing hackers use is Text Message Phishing or smishing (sms phishing). Let’s take a look at what this might look like.
- Random Contact Information
This text message is coming from a random number. Not one connected to Apple or any kind of security company. Unless you have a special security software you installed yourself (which would likely contact you by email or a notification from an app), the company which makes your phone would contact you via notification or email – not a fairly generic text message.
2. Grammar Mistake
You now have (3) virus….
If this were an organization legitimately contacting you about a virus, there would be more information about the viruses found and here it appears the number 3 was a randomly selected number. The formatting of the sentence would also change if this were an official warning – more than one virus found would change the sentence to using the plural form of virus (viruses).
3. Some Kind of Link
Just like in the phishing email, there is always some kind of link the user is prompted to open to give the hacker access to the device
4. Sense of Urgency
Clean your phone ASAP.
Hackers like to give the message a sense of urgency so the user doesn’t stop to think about whether it might be a scam or not. It also gets the hacker in faster and they get what they want sooner.
Hackers are getting smarter each day and phishing emails are becoming more seamless and often go undetected by spam filters. You can no longer rely on your email platform to filter these out and have to be cautious when opening any files or clicking on links sent to you. If you’re not careful, you may be the next victim of a ransomware attack.
If you receive any suspicious messages or emails simply delete them and DO NOT click on any files or links.