Computer crime is on the rise in Portugal, and there are more and more cases of phishing, vishing and smishing.
All brands have been concerned about the spread of phishing or smishing emails.
We have warned that in Portugal cybercrime is reaching record levels, but the truth is that hackers have taken advantage of the Portuguese people’s lack of digital literacy to steal more and more personal data and, especially, money.
Thus, and as we are active in disseminating information to prevent these attacks, while advocating organizational awareness, we share 10 tips to detect phishing and smishing emails.
Too good to be true
If you have received an email or sms with an offer of money, promises of rewards, great opportunities, in exchange for clicking on the link sent or sending confidential information, don´t do it, it will be fraud.
If the request is for money, even from someone you know, always be suspicious. Contact the person by alternative means and validate the story, because your family member or friend’s email may have been hacked.
Words like “customer”, “account holder”, “dear” can be a sign that this is a massive phishing email, as it does not personalize the treatment.
Usually, the people who know you or do business with you know your name. Phony emails usually do not personalize the treatment.
Phishing emails often have a sense of urgency, in order to convince people to act. This sense of emergency leads to the person not even thinking about it and acting as quickly as possible, either for rewards or scare tactics.
It can also happen that the email is impersonating your superior, leading you to open a possibly harmful attachment.
Examples of phrases of false urgency:
– Attempted login or We noticed suspicious activity;
– There is a problem with your account or payment information;
– Confirm your personal information now;
– Pay now;
– Free products on registration within 24h.
Request for personal and confidential data
When personal and confidential data is requested such as passwords, credit card information, IBAN’s, TIN, among others, be suspicious, since banking institutions, finance or other authority body never send emails or sms asking for personal information, sending them via link.
If in doubt, the best thing to do is to call the institution or go to the counter to verify the information.
Spelling and grammatical errors
To err is human, but when it comes to phishing mail, these contain easily detectable spelling and grammatical errors, since hackers and scammers use online translation apps that do not correct flaws.
Catfishers use an email technique called spoofing which is about hiding the real sender.
If the email address is visible, validate whether the domain is verified or not. The sender must match the name and company the email claims to come from. If it is a fake, it will be detectable by small errors, or changing letters.
If you receive an unexpected, unsolicited email in your mail box, it is recommended to check all hyperlinks before opening them.
Sometimes the sender and the email body may look legitimate, but phishing is hidden in the links. Just hover your mouse over the link to check the URL to see if it takes you to the site the sender said you expected.
Also, only click on links that use HTTPS.
Time and Date
Look, closely and carefully, at the emails that arrive in your inbox outside working hours. The phishers may be in a different country, and this small detail, combined with the factors mentioned above, can help identify a phishing attempt.
This is considered one of the most important rules. Do not open any attachment from a strange or unknown email, without being 100% sure that the sender is legitimate.
If, in fact, the email is a phishing attack, the attachment may contain malware, which will be exposed on your computer.
However, no legitimate company expects you to open the email files or, even, download them. Instead, you will be directed to the official website, where you can safely download it.
When the sender’s email is different from the email that appears when you click the “reply” button, it is suspicious because it is most likely fraud.
Protect yourself from phishing mails with this checklist.
Prevention is always better than cure.