Phishing Scams: How To Identify Fraudulent Emails That Want To Steal Your Money, Identity

Hacking and fake news have been in the news a lot lately, what with the allegations of Russians using both those tools to influence the outcome of the U.S. presidential election. And both those online risks come together in a seemingly innocuous but potentially dangerous form: phishing.

Put simply, phishing is the attempt to steal your personal information, such as passwords and financial details, using an email or website that looks like it is legitimate but is in fact merely designed to look like that to lull you into a false sense of security.

Diligent Corporation, a New York company that provides secure platforms for boards and leaders of other companies and organizations to share information, put together data from various sources that show phishing attacks have gone up by over 300 percent between 2013 and 2016. About 156 million phishing emails are sent around the world every day, of which some 16 million are not detected by spam filters.

So if you get one of these fishy-looking emails, how do you know if it is actually a scam? Diligent surveyed over 2,000 people, using an experimental setup, and came up with some possible answers.

Some of the warning signs it lists are: spelling and grammar mistakes; generic salutations that don’t use your name; seems too good (or bad) to be real; is from an unknown sender; requests money or personal information; asks you to click on a link or download a file, while being vague.

Of the people surveyed, over half had been victims of some phishing scam or another. About 52 percent had an unauthorized charge on their credit card, 33 percent had their email accounts hacked and almost a quarter had their social media accounts compromised.

Some of the most effective phishing scams pretend to be sent from email addresses of people we know, such as friends or colleagues. The maximum number of people in the survey, over 68 percent, were fooled by emails that purported to be from a colleague to schedule a meeting the next day, followed by messages from friends claiming to share photographs on social media (almost 61 percent) or Dropbox (37.6 percent).

In contrast, the least effective phishing scams were those that promised a tax refund from the IRS, or gifts of cash and vouchers.

Being wary of phishing emails has a flip side — marking genuine emails as spam. The survey found about 40 percent of genuine emails were marked as phishing attempts. Those aged between 35 and 54 were the best at being able to tell real emails from phishing attempts, while the 18-24 and over 65 groups fared the worst. Men and women were fooled almost the same number of times, 23 percent and 23.3 percent, respectively.

If you want to check your own ability to identify scam emails, Diligent has a shorter version of its survey, designed like a quick quiz, on its website that can be accessed here.

And if you think you have received a phishing email, you can report it to the United States Computer Emergency Readiness Team using information on its website.