Reading the water for phish

Here is a list of identifying characteristics of a phishing scam. Any one of these characteristics can be a sign of a scam, but multiple characteristics are a strong indication.

  • Is the message unsolicited?
  • Does it contain misspellings or poor grammar?
  • Is the scammer trying to create a heightened sense of urgency?
  • Does the sender’s address or the hyperlink you hover over, contain an uncommon domain name?
  • Scammers often request information that a legitimate person should already have (why would a bank who is calling me need my account number?)
  • Is the offer too good (or the problem too bad) to be true
  • Scammers often state their authority over you (that they’re from a collection agency, law enforcement agency, tax agency, immigration service, especially agencies that you would have a difficult time confirming)
  • Scammers often refer to themselves only by their title or department name, and do not give a person’s name you can verify
  • If not stating their authority, they tell you how hard they are trying to save you from some disaster you didn’t even know you had
  • In this past year, there was a scam where the malicious hyperlink was the unsubscribe link! That is, by thinking you would rid yourself of the sender, you would actually fall prey to them!

If you receive a message that is suspicious because of any of these characteristics: don’t click on any of its links, don’t open any of its attachments, and don’t call any phone numbers listed in the message. If it appears to be coming from another person, you can contact that person using an address or phone number you get from a known legitimate source.