Signs of Phishing Attempts in Emails and Phone Calls
Difficulty Level: Member • Nerd • Platypus
Estimated Time: 15 Minutes
Expected Outcome: Have the ability to identify legitimate vs. illegitimate emails and phone calls.
Tools Required: none
How to spot Scam Emails!
- Emails Demanding Urgent Action
Emails threatening a negative consequence, or a loss of opportunity unless urgent action is taken, are often phishing emails. Attackers often use this approach to rush recipients into action before they have had the opportunity to study the email for potential flaws or inconsistencies.
- Emails with Bad Grammar and Spelling Mistakes
Another way to spot phishing is bad grammar and spelling mistakes. Many people apply spell-checking tools to outgoing emails by default to ensure their emails are grammatically correct. Those who use browser-based email clients apply autocorrect or highlight features on web browsers.
- Emails with an Unfamiliar Greeting or Salutation
Emails exchanged between work colleagues, friends, or family usually have an informal salutation. Those that start “Dear,” or contain phrases not normally used in informal conversation, are from sources unfamiliar with the style of office interaction used in your business and should arouse suspicion.
- Inconsistencies in Email Addresses, Links & Domain Names
Another way how to spot phishing is by finding inconsistencies in email addresses, links and domain names. Does the email originate from an organization or person corresponded with often? If so, check the sender’s address against previous emails from the same organization. Look to see if a link is legitimate by hovering the mouse pointer over the link to see what pops up. If an email allegedly originates from (say) Google, but the domain name reads something else, report the email as a phishing attack.
- Suspicious Attachments
Most file sharing now takes place via collaboration tools such as SharePoint, OneDrive or Dropbox. Therefore emails with attachments should always be treated suspiciously – especially if they have an unfamiliar extension or one commonly associated with malware (.zip, .exe, .scr, etc.). If you weren't expecting a file from someone, contact them by starting a new email to verify it was them and not a spoof, along with possibly by phone if the response in email seems suspicious.
- Emails Requesting Login Credentials, Payment Information or Sensitive Data
Emails originating from an unexpected or unfamiliar sender that request login credentials, payment information or other sensitive data should always be treated with caution. Spear phishers can forge login pages to look similar to the real thing and send an email containing a link that directs the recipient to the fake page. Whenever a recipient is redirected to a login page, or told a payment is due, they should refrain from inputting information unless they are 100% certain the email is legitimate.
- Too Good to Be True Emails
Too good to be true emails are those which incentivize the recipient to click on a link or open an attachment by claiming there will be a reward of some nature. If the sender of the email is unfamiliar or the recipient did not initiate the contact, the likelihood is this is a phishing email.
How to fight Scam Emails
If you are unsure you can always forward it to firstname.lastname@example.org and we can take a look for you! That's why we are here! If you do think it is spam you can usually right click and select block sender then delete the email.
How to spot Scam Phone Calls!
Telephone scammers often try to hook you with enticing offers, appeals for charitable causes, or claims of being associated with the government. They won’t allow time for you to think through their pitch. They will pressure you to make a decision.
Regardless of their behavior or message, a phone scammer’s goal is to get you to either send them money or provide your personal information.
Below are common warning signs of a phone scam:
- A claim that you have been specially selected
- Use of high-pressure sales tactics and “limited-time” offers
- Reluctance to answer questions about the business or the offer
- Request that you “confirm your personal information”
- Request payment by means other than credit card –including cash, gift card, wire transfer or private courier
- Request your credit card or other payment mechanism for “shipping and handling”
- Use of threats if you don’t comply – even the threat of arrest
- The call starts with a prerecorded message – called a “robocall”
- Claims you have a virus on your computer or requests to log in to your computer
- Claims to be a friend or relative in need of money – but they don’t give you any time to think or contact others
How to fight Scam Calls
Enroll in the Do-Not-Call List
To reduce calls from telemarketers and scammers, you can enroll your residential and cell phone numbers with the state and federal do-not-call lists. Both lists are free, but they are separate, so review the terms and policies of each.
- Enroll for free in the federal do-not-call list at www.donotcall.gov.
- Enroll for free in the Tennessee do-not-call list at https://www.tn.gov/tpuc/tennessee-do-not-call-program/csd-online-do-not-call-registration-form.html.
Note: You can also sign up for the Tennessee do-not-call list via the telephone or by mail, but you will need to pay a nominal registration charge for each telephone number you include on the list. Allow several weeks from the time you enroll for your number to be removed.
Unfortunately, illegitimate companies and scam artists do not respect do-not-call lists. Therefore, once your enrollment goes into effect, you should be extra careful of unsolicited telemarketing calls unless you know that they come from a company with which you have a legitimate, established relationship.
Use Call Blocking Services
To block unwanted calls on your cell phone, you can download a third-party call blocking app. These apps help detect spam calls by using blacklist databases, blocking numbers that have received a high number of consumer complaints. Learn more information about available apps from CTIA – the wireless industry’s trade association.
Many mobile phones include features built into the phone that will identify suspected spam calls or block calls from specific numbers. For some you may have to manage the list yourself and the phone may have a limit on how many numbers can be blocked, but these features can be used in addition to or instead of third-party apps.
There are call-blocking devices that can be installed directly on your home phone or over the Internet. Not all devices or services work on all types of home phones or carriers, so you will want to check with your phone company before making a purchase.
In addition, many carriers – both wireless and landline – provide call-blocking services. Some carriers offer these services for free, while others charge. You can check your carrier’s website or call The Neighborhood Nerds for more information.
For more information about resources for blocking unwanted calls, visit the Federal Communications Commission’s website.