Donate |

How to not get phished

Our tips on how to identify phishing scams will keep you from falling for them

Published: October 2012

Like death and taxes, online scams are inevitable. Among the most widely known flimflams is phishing, in which perpetrators try to steal your private information, such as online-account logins and personal financial data, via fake e-mails, websites, and even phone texts.

A typical phishing solicitation appears to be from a company or service you trust and possibly already do business with, including a bank, a payment service such as PayPal, or an agency such as the IRS.

But a number of telltale signs can help you identify phishing cons. Read on for tips on staying safe and protecting your information. And go to our Online Security Guide for more advice.

How to identify phish

Here are some ways you can vet an e-mail that makes you suspicious.

  • Look for grammar and spelling oddities and errors.
  • Check the addresses—are they legitimate, or a little off?
  • Hover over links within the e-mail to see the real URLs.
  • Don’t click on any link in the e-mail; type the given URLs into your browser.
  • If you're unsure of a site, try signing in with the wrong password first.

Below are some real-life examples of phish e-mails as well as the warning signs we spotted in each.

Fake USPS notice

Phish warning signs:

  • Bad grammar: “package you have sent on the 27th” and “for each day of keeping.”
  • Sentence fragment: “Because the recipient’s address is erroneous.”
  • Hovering on button shows a bogus website.

Phony American Express e-mail confirmation

Phish warning signs:

  • Multiple addressees for a personal message.
  • Hovering on links show a bogus website.

Fraudulent Webmail warning

Phish warning signs:

  • Odd phrasing: “Thank you for your anticipated cooperation.”
  • Link reads “clickhere” instead of “click here.”
  • Hovering on the link shows a bogus site.

Bogus ADP alert

Phish warning signs:

  • Multiple addressees on a personal message.
  • Odd paragraph spacing.
  • Hovering on the link shows a bogus site.

Sham Groupon deal

Phish warning signs:

  • Spelling errors: “dicount” in subject and “attachement” in body.
  • Odd sentence structure: “be in a hurry this weekend special is due in 2 days!”
  • Hovering on links shows a bogus site.

False Chase Bank alarm

Phish warning signs:

  • The request to enable CSS (cross-site scripting) is unusual, and complying reduces your security.
  • Hovering on links shows a bogus site.
  • Banks do not usually embed links; they ask customers to type in the bank’s Web address themselves.

Fake-antivirus trap

Fake-antivirus attacks are the biggest security trap when you're using a browser. In fact, the FTC recently targeted this type of scam (read FTC cracks down on major tech support scams conning consumers). Here's what can happen.

  • The attacker pops up a box like the one above, telling you your PC is infected.
  • You're convinced to click a "scan" button to "clean up" your PC.
  • This actually installs an exploit that causes problems, such as hiding files, desktop items, documents, and pictures.
  • The attacker then asks for a fee to fix the damage it "finds."

Fake AV can be cleaned up without paying a fee to the hacker, but it can be a tricky, multistep process. To avoid the fake-AV trap, learn the messages your own security software gives. And always assume a pop-up warning is bogus, until you check it thoroughly.

Tips for staying safe



Here's a list of best practices for keeping your personal information private and secure online.


Install security software. Consumer Reports recommends several free programs.


Keep your security software active and updated.


Accept critical updates to major software, including Windows or Mac OS, office suites, browsers (Chrome, Firefox, Internet Explorer, Opera, and Safari), plug-ins (Adobe Flash Player), and so on.


Back up your files; assume your hard drive will fail.


Be cautious about using free downloaded software. Instead, get it from a reputable source.


   

E-mail Newsletters

FREE e-mail Newsletters!
Choose from safety, health, cars, and more!
Already signed-up?
Manage your newsletters here too.

Electronics & Computers News

Connect

and safety with
subscribers and fans

Follow us on:

Cars

Cars New Car Price Report
Find out what the dealers don't want you to know! Get dealer pricing information on a new car with the New Car Price Report.

Order Your Report

Mobile

Mobile Get Ratings on the go and compare
while you shop

Learn more