Imagine you're out at lunch with a friend and you get a notification on your phone saying, "Your payment is being processed"—but you didn't buy anything online. You check who sent the email, and it says support@amazon.newuser.com. Looks kinda legit, right? But there's more going on than what you might notice on first glance. What you're experiencing is known as phishing.
Asurion Experts provide total tech care for our millions of customers, including solutions for tech security. Here are their answers to commonly asked questions about phishing emails and hacking attempts, from how you can recognize them to what you should do if you receive a suspicious email.
What is a phishing email?
Phishing is a type of scam used by cybercriminals to illegally obtain a user's personal information, such as login credentials and credit card numbers. Phishing can occur in text messages, advertisements and emails and often appear as if they're coming from legitimate sources.
How can I spot a phishing scam?
They aim to scare you with the subject line
Getting an email with a subject line telling you that your payment was successful when you haven't purchased anything recently is something that would jar any of us. That's exactly what a scammer's goal is—to cause you to panic.
Looking over a collection of phishing email examples, we were able to compile these commonly used phishing subject lines to keep an eye out for:
- "Your account has been deactivated due to suspicious activity."
- "Response required."
- "Your sensitive data has been compromised."
- "Your password has expired."
- "Your payment is being processed."
Don’t waste time scrolling
Life is short. Ask our experts and get answers now.
They try to hide their email address
Have you ever received an email that looked like it came from a company you do business with, only to open it and find that the message seems off? You're not alone, which is why it's important to double-check the sender's email address. Using fake email addresses that closely resemble the real source's is a favorite move of scammers and one that's easy to overlook.
Here are the things to look for to spot the difference between an email that's real and a phishing email:
- An email address is made up of two parts: a username, which comes before the @ symbol, and a domain, which comes after it.
- Scammers like to make subtle changes to the domain to hide where an email is coming from. This means that the difference between a real and a fake email could be as simple as support@newuser.microsoft.com (real) and support@microsoft.newuser.com (fake).
- You can tell the first email address is really from Microsoft because the company name is the last part of the domain. The second email is from another source because the word "newuser" comes at the end.
They ask for your personal information
If you get an email that asks for sensitive information, even if it looks legitimate, your best move is to contact the company directly. It's highly unlikely for a company to ask you to give out personal information like usernames, passwords, or credit card numbers via email. If asked to click a link from the email, just say no. Type the company's website into your browser, and look for a page that says "Contact us."
In some cases, a scammer's goal may be to convince you to click a link and enter your password into a fake, look-a-like site they've built. Remember, you can always hover your mouse over the link before clicking, and it'll show you where the link is attempting to take you.
They don't use your name
Companies you regularly do business with often send you emails with a personal touch, like calling you by your name in the subject line. Someone sending a phishing email is not likely to know this level of detail, making them easier to spot. They'll use generic greetings like "Hello," Dear Customer," or "Dear Member."
They use incorrect grammar
Established companies often have entire departments dedicated to proofreading emails, so lots of incorrect punctuation, grammar, or spelling should be a red flag that you're dealing with a phishing email.
They send you an attachment
Never download any email attachments from a sender you don't recognize. Scammers will occasionally attach files to their emails, hoping you'll download them. These attachments can infect your device with malicious software or steal your information.
How can I report a phishing email?
Once you know the common phishing email tactics, it's easier to keep your data safe. You can help others by reporting phishing attempts to the United States Computer Emergency Readiness Team, which will add them to a list of known scammers.
Tried these steps and still need help? We got you. Get your tech problem solved when you call or chat with an expert now.