The image below was sent to me by a friend who was sent this fake bill by “Apple”. I was immediately able to tell cos look at the email address used na… support at bandcamp dot-com. Gmail exposed the email address when the email was forwarded to me. Cancelling the order would have led him to type in his Apple ID and password which would have given them access to his account and bank details.
This is what a phishing scam looks like.
Phishing emails generally try to appear as if they are from a trusted source and attempt to get recipients to do whatever they want them to do.. including sharing sensitive information.
here’s what these phishers/ scammers do.
they replicate an email or a site that looks very similar to a trusted site (like apple) and get you to click on a link, put in sensitive information which they thereby use to ruin your life.
simple right.. in less than 30 seconds, all your life savings could be wiped from your bank account.
that’s not a smile I see on your face now…
you definitely will be scowling if this ever happens to you and nobody is above it… (Including the White House)
scammers are not smiling now.. they are looking for every possible way to defraud people and you shouldn’t fall victim.. Techie or not.
Here’s how to find out if you are being phished:
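- always check the email address an email comes from: Our mailing platforms nowadays just show us the names of the people sending mails to us and any hacker can set his name as Apple Inc. Ensure you click on the name to show you the real email address.
- check if the site you are directed to has Secure SSL: just look for HTTPS and a Padlock in front of the site address. the padlock only tells you the connection is encrypted though, scammers can get one for their fake site too, so a missing padlock is a red flag but a padlock alone doesn’t prove the site is real.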
- check that the mail isn’t an unusual email.
- call customer care or an account manager.
- visit the link over a secure browser and ensure it lands on the right company’s landing page.
- sometimes the scammer’s landing page looks better than the original landing page. open the real website on another tab and compare both or do the transaction on the new tab you typed in yourself.
- on the landing page too, ensure it links to the company website or relevant contact pages/ web links.
- check for grammatical errors and unusual language in the mail/website. the scammers will probably tell you that your life depends on you clicking that link..
- if you are a little bit technical, right-click the webpage and view page source in Google Chrome. gbam.. You don catch them be that.
you don’t have to do all of these, but depending on the skill and stupidity of the scammer, testing 2 to 3 of these tactics will give you signs beyond reasonable doubt.
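The first check in the list (the name shown versus the real address) and the landing-page check can also be done by a script. This is an added example, not part of the original post; the `BRAND_DOMAINS` list, the function names and the sample message are assumptions made up for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: hand-maintained map of brand keyword -> domains the brand really uses.
BRAND_DOMAINS = {"apple": {"apple.com", "icloud.com"}}

def belongs_to(host, allowed):
    """True only if host is an allowed domain or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed)

def phishing_signs(raw_message):
    """Return warnings for a raw message (headers + plain-text body)."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2]
    warnings = []
    for brand, allowed in BRAND_DOMAINS.items():
        if brand not in name.lower():
            continue  # display name does not claim to be this brand
        if not belongs_to(sender_domain, allowed):
            warnings.append(f"sender: name '{name}' but address <{addr}>")
        # Links in the body should also land on the brand's own domains.
        for url in re.findall(r"https?://[^\s<>]+", msg.get_payload()):
            host = urlparse(url).hostname
            if not belongs_to(host, allowed):
                warnings.append(f"link: {host} is outside {brand}'s domains")
    return warnings

# Constructed sample modelled on the fake bill described in the post.
SAMPLE = """\
From: "Apple Inc." <support@bandcamp.com>
To: friend@example.org
Subject: Your receipt

Did not make this purchase? Cancel here:
https://apple.com.billing-check.example/cancel
Terms: https://www.apple.com/legal/
"""

if __name__ == "__main__":
    for warning in phishing_signs(SAMPLE):
        print(warning)
```

Note that the cancel link starts with `apple.com` but the real domain is whatever the hostname ends with, which is why the check compares the end of the hostname.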
here’s how to prevent phishing scams.
sometimes, you can actually avoid getting these suspicious emails and contacts from these fraudsters in the first place. Here are some steps you can take to avoid (to a certain extent) Phishing scams.
- be careful of the sites you visit. most sites store cookies which kinda contain info that can be traced back to you. You don’t want your cookies with the cookie monsters.
- avoid illegal sites: How do you think all these sites with free pirated movies make their money? There’s no free lunch in Freetown. some of them take your info and sell it… some bombard your system with viruses disguised as adverts. long and short is that they make money off you illegally.
- Have 2 factor authentication if possible: especially on your email addresses and on sites that you might need to put in payment details. even if hackers get your password, they probably won’t have your phone with them to get a security code or call.
- Know your account manager or have an alternate mode of access: eg a mobile app of your banking platform. in a situation where your laptop has been compromised, you can easily log in to your mobile app to block transactions or card details.
- have an alternate account: don’t put all your eggs in one basket. I for example do not have an ATM to my salary account, I move whatever I am going to spend to my card account like I said in my post on saving here. I did this to save but it’s also a good security measure.
- never ever give out your internet login details via mail.
- ensure you pay for transactions on trusted secure sites.
- have an Internet Security and Antivirus application installed on your computer.
Phishing is just one of the many ways your security can be compromised online. There are many other ways scammers and hackers can get to you (There’s DOS, spoofing, viruses… etc.) but it’s not all doom and gloom.. you don’t have to fall victim.
there are other security tips I will be sharing in upcoming posts…
stay tuned on the blog and share your own tips/experiences if you have any.