5 frightening phishing scams to watch out for

By Kim Komando

June 3, 2017

Phishing scams have been running rampant in recently, all too often taking hundreds of thousands of innocent victims to the cleaners and leaving them red-faced and with little to no money left in the bank.

Note: This is also one of the reasons it’s so important that you backup your data with Universal Backup from our sponsor, IDrive. Universal Backup covers all of the operating systems including Windows, Mac OS, iOS, Android and Windows Mobile. Plus, you can take advantage of the social media backup tool, and create a safe archive for the posts, photos and videos you’ve shared on platforms like Instagram and Facebook. Click here to save 50% on cloud backup storage when you use promo code KIM!

In order to stay protected from these seriously scary scams, you need to know what to look for. Today, I’ll show you five different types of phishing scams to be aware of and point out all of the red flags.

Are you ready?

Scam #1: Deceptive Phishing

Deceptive phishing is when a scammer will pose as a legitimate business, like Amazon, in an email in order to get you to cough up sensitive information, such as your login for that site, as well as your password.

Need some examples?
It’s happened numerous times. For starters, scammers have posed as the IRS, Apple, Amazon, Home Depot and Microsoft, all saying you need to log into the site, using the link they provide, to fix whatever went wrong with your account.

What to look for:

1. The “From” address. If the email address is from any type of address that looks like “tkupetz@wbased.k12.pa.us” or anything similar, delete the email immediately.
2. Grammar. No matter how much it gets proofread, any company is going to occasionally send out an email with a spelling or grammar error. Fine. But phishing emails often contain glaring and obvious mistakes that you can catch without being a copy editor. Awkward phrases, missing punctuation and wrong capitalization are just a few places to start.
3. Formatting. Are the paragraphs in the body of the email formatted correctly? Are some random words in bold? Are there extra spaces? Are there images included that don’t make sense?
4. In-body links. Remember that NOT ONE legitimate company will provide links for security issues. If there’s a problem, the company will ask you to head directly to the company’s website and enter your information there, rather than provide you a link to follow. You can also hover your mouse over the link to see where it really directs you. You’ll discover that these links actually infect your computer with dangerous malware – all with just one click. As a rule of thumb, don’t click any links if you think the email is suspicious.
5. Non-corporate phrases. When was the last time you received an email from a major corporation that ended with “God bless you”? Remember, this isn’t an email from your aunt. It’s supposed to be from a multibillion-dollar international company that isn’t going to risk offending anyone. Also, make sure there’s a signoff as scam emails have often just ended.

Scam #2: Spear Phishing

Spear Phishing is a little bit more complicated to catch. Think of it like this: deceptive phishing is like a net cast out over the sea to catch as many fish as possible. Spear phishing uses a dagger, directly aimed at you personally.

In this type of email scam, the troublemakers will craft the email to be hyper-personal to you. It will use your name, could include your phone number, your position at work and more. The goal, however, is the same as deceptive phishing – getting you to click on malicious link.

Need some examples? Spear phishing attacks have been used in campaigns to break into your webcam, and have even stooped so low as to trick users into downloading a pamphlet on how to stay safe with an inevitable terrorist attack on the way.

What to look for:

• Don’t download unsolicited email attachments, especially from unknown sources.
• Don’t click on links in suspicious emails.
• Don’t trust “official” emails from companies you don’t do business with.
• Take a second to look at any “official” emails before you follow any instructions.

Scam #3: CEO Fraud

Imagine this: An employee at a company receives an email, seemingly from the company CEO or someone in the payroll department. It’s a quick email asking for, let’s say, payroll information, or a quick money transfer.

The employee doesn’t bat an eyelash, assuming the email is nothing out of the ordinary, responds, or clicks on a malicious link and all of a sudden sensitive information about the company and its employees is in the wrong hands.

Need some examples?

It’s a common problem that’s getting larger by the day, and no company or person is safe. In fact, scammers recently tried to target our studios by sending an email imitating our CEO. Click here to see how we spotted the problem.

What to look for:

• Be wary of email-only wire transfer requests and requests involving urgency.
• Pick up the phone and verify legitimate business partners.
• Be cautious of mimicked email addresses.
• Practice multi-level authentication.

If someone in your company falls for one of these scams, the FBI urges you to:

• Contact your financial institution immediately.
• Request that they contact the financial institution where the fraudulent transfer was sent.
• File a complaint—regardless of dollar loss—with the IC3.

Scam #4: Pharming

Scammers are constantly inventing new ways to fool you. Pharming is one of them. Pharming is more complicated than sending emails, so bear with me, it’s a little bit confusing.

When you enter a website, like www.komando.com, those letters are converted into a numerical IP address. Pharming allows these scammers to change the numbers in the IP address and can re-route anyone to a malicious site instead of the intended site.

What to look for: There aren’t obvious warning signs for this scam, as the scammers get smarter every day. Instead, you’ll want to:

• Make sure you’re using a site that’s protected by HTTPS. HTTPS is a label for a secure site that uses encryption to scramble your traffic so hackers can’t get your passwords or other information. For more information, click here. 
• Keep your browser up to date with all the latest security updates. Here are instructions for Chrome, Internet Explorer and Office.

Scam # 5: Google Doc and Dropbox

There are tons of folks who use Dropbox and Google Docs to hold lots of files, so naturally, scammers would want to get into these sites. In order to get access to these accounts, scammers combine tactics mentioned previously. They can get tricky, however with little to no warning signs to spot.

In one attack, for example, users were duped into giving up their Dropbox credentials by entering them on a fake Dropbox page that was actually hosted by the real Dropbox. Very similar things have happened with Google Docs, too.

What to do: 

• Enable two-step verification. With two-step verification enabled, before you log into your account you need to prove you are who you say you are. It’s like the DMV asking for two forms of ID. Here are instructions for how to enable two-step verification on Amazon, Facebook, Google, Microsoft and Apple.

Note: Phishing scams often lead to even worse problems, like identity theft and even ransomware infections. This is why you need Universal Backup from our sponsor, IDrive. Universal Backup lets you backup the data for up to five devices within a single account. You can also backup your social media accounts, like Instagram and Facebook. Click here to save 50% on cloud backup storage when you use promo code KIM!

More from Komando.com

Google and Facebook hit by $100 million phishing scam

If you get an email from this company in your inbox, DELETE it!

Can you spot a fake email? Take our phishing IQ test

Tags: Apple, Dropbox, fraud, Google Docs, identity theft, Komando.com, malware, phishing scams, promo code, ransomware, security, Spear Phishing, Two-step verification