How to avoid phishing scams
“Phishing scams? Pfft. I probably won’t fall victim to one.”
A number of us might have said this at one point in time or had family or friends who’ve said this. Unfortunately, this illusion of invincibility can lead us to let our guard down, and fall prey to phishing scams.
In Singapore, millions of dollars have been lost to scammers in recent years, with the victims coming from all walks of life from retirees and professionals to even seasoned investors
That is why it is important to take note of tell-tale signs of whether you’re being fed a phishing scam.
What is phishing?
Phishing is a type of social engineering attack where scammers pose as legitimate institutions (through websites and messaging platforms) with the aim of obtaining sensitive personal information from targeted individuals.
They aim to login to a victim’s account and access whatever valuable assets the person might have.
Through phishing, cybercriminals can steal an individual’s money, or identity, by getting you to reveal personal information such as your NRIC, name, date of birth and email.
Seasoned cybercriminals will even go one step further and ask for usernames and passwords, bank account details and even credit card numbers.
5 signs that you might be facing a phishing scam
While phishing tactics are constantly evolving, there are some clear tell-tale signs that can help you sieve out possible scams to avoid being a victim of phishing.
1. Remain vigilant “authority” or “respectable” organisation
The oldest trick in the phishing playbook is for scammers to act in the capacity of organisations like government ministries or companies with a good public standing.
This has been effective and is actually backed by research too!
Findings from the Milgram experiment, a series of social psychology experiments, suggested that people tend to obey commands or requests from figures of authority, even if these figures are fictitious. This goes some way to explaining why many scammers tend to act in the capacity of authorities or trustable organisations.
If you received a request from such an “authority” or a “respectable organisation”, it certainly helps to be vigilant by verifying if the sender is actually acting on behalf of the said organisation before complying with any requests.
2. Receiving suspicious private messages on messaging platforms
With the proliferation of social messaging services and platforms, connecting to a stranger has become very easy (some would say too easy).
Cybercriminals have taken advantage of this to send suspicious messages to unassuming individuals through SMS, WhatsApp and Telegram, among others.
So, what messages should we consider suspicious?
Common examples of what to consider suspicious is if it is:
- Coming from an unknown number that you have not seen before
- A message about the delivery of a parcel that you did not order
- A message from the police or other authorities requiring your assistance
3. Receiving fake email from an unknown source
While phishing incidents on mobile platforms are on the rise, that doesn’t mean that cybercriminals are taking a break from conducting phishing scams through emails. Sending out phishing scams through emails is not only easy for cybercriminals but they can reach millions of users easily too.
If you suspect that you have received such an email, make sure to validate the source of the email. If the sender looks suspicious, report it as a spam and block the sender.
Another tell-tale sign to see if an email is suspicious is if you spot a flurry of spelling errors. If the email is sent from an established organisation (i.e. Bank or government agency), rest assured that it is highly unlikely that an email will be sent without a grammar- and spell-check.
Most importantly, if you are asked being asked to share your credentials or personal information through an email, never reveal it unless you have verified.
4. Prompting you to visit a suspicious website
We have gotten very accustomed to using the internet through our computers and mobile devices. Likewise, clicking on links in messages, emails and websites, has become second nature to us.
However, what we tend to overlook and what cybercriminals are taking advantage of, is that clicking on a link has become a reflex action for us (i.e. we might click on a link before thinking or considering whether it is malicious). In addition, it’s easy enough to send a link when messaging through platforms.
In case you accidentally click into a suspicious website, there is a second layer of checks that you can do.
Some signs that a website is suspicious include:
- Having unusual names
- Misspelling in the URL
- Not using the https encryption protocol in the URL (Website starts with http instead of https)
- Bad design (but cybercriminals are creating more legitimate looking websites now)
If that’s too much work, the most foolproof way is to avoid clicking on any website link, unless you’re expecting to receive communication from a particular individual or organisation.
5. Being asked for an OTP
The use of a one-time password (OTP) provides an additional layer of security to guard against cybercriminals. But cybercriminals are getting smarter and are trying to work around this security measure by tricking you into giving up your OTP.
If you are being asked to disclose your OTP, never share it. Moreover, no one should be asking for your OTP as it is the equivalent of requesting for your password.
Now, you wouldn’t want to do that, right?
When you share your OTP, you are nullifying a security measure that was designed to protect you.
It’s better to be safe than sorry
While there are tell-tale signs to help you identify phishing scams, be warned that cybercriminals are very adaptable. Phishing scams are becoming harder to differentiate with each passing day.
If you are ever in doubt, it is better to assume that you are being scammed and remember to take the necessary precautions immediately. It’s always better to be safe than sorry.
Here are additional useful anti-scam resources that you can look to for professional guidance: