The deal season is upon us with our inbox full we look at tips on what phishing emails look like. Considering the cost of living has been increasing, many Australians are likely to be on the lookout for some money-saving deals. Unfortunately, cyber criminals are well aware of this and will often find ways to exploit Australians.
ACCC Scamwatch data reveals that as of October 16 million dollars was lost to phishing scams in 2022.This is over a 300 per cent increase to2021 when over four million dollars was lost to phishing scams. Research from 20221 of Avast, a leading global digital security and privacy consumer brand by Gen™ (NASDAQ: GEN), also found that phishing scams are the most experienced scams for Australians, with 72.9% having reported receiving or seeing one even if they didn’t fall for it.
Stephen Kho, cyber security expert at Avast, says, “given how vulnerable many can be, the likelihood of accidentally opening a phishing email and clicking on a link that is a scam may be higher than usual”.
“Cyber criminals will likely take advantage of people this holiday season by sending and posting fake offers, claiming to sell expensive gifts at extremely low prices. Alternatively, emails designed to look like well-known and trusted sites could hit people’s inboxes. They can also disguise themselves as well-known charities and encourage users to donate money instead of giving physical gifts.
“Other common phishing emails claim to include an invoice or describe a billing problem and could be more effective during the pre-holiday season when people make more purchases than usual and therefore expect more shipments. These emails can lead to spoofed landing pages, prompting people to enter their financial information, for example.
“Cyber criminals may also send out more fake bank alerts. Many banks will alert customers if they detect any suspicious activity or the account is about to be overdrawn. Phishers use these helpful services to try and convince people to “confirm” their bank account information.
“For Australians to remain vigilant and scam smart, it is important to be aware of what these phishing scams might look like this holiday season and what can happen when you open a phishing email,” Kho concluded.
Top tips on what phishing emails look like and what users should be wary of:
- Weak salutation: Many types of phishing, including the standard “deceptive phishing,” cast a wide net. As such, the email won’t be personalized with the recipient’s name but instead will greet you with something vague, such as “Dear Customer,” or maybe even their email username. Official correspondences from legitimate companies will address customers by name. However, cyber criminals can parse email addresses to figure out victims’ first and last names, if these are included in the email address.
- Offers that can’t be refused: If an offer or deal seems too good to be true, that’s probably because it is.
- Immediate action required: Phishers are big on urgency. This tactic can be more successful during big shopping events like Black Friday, as limited-time offers are expected.
- Shortened or misspelled links: Malicious links often hide behind link-shortening services. Cyber criminals also host spoofed versions of legitimate sites with almost identical URLs, and they’ll encourage people to click these links in their phishing emails. Attackers also try to deceive people with typosquatting, using a slightly incorrect version of the legitimate URL — or deliberate misspellings that use similar-looking letters and characters.
- Poor writing: A bank isn’t going to send out an email with typos and grammatical mistakes. A phisher, on the other hand, can and often will. Careless errors like these are signs of a phishing email.
- Attachments: There’s nothing wrong with attachments in general — if people expect them and come from a trusted source. Scammers can even hide malware in rich-content files like PDFs. In many cases, attackers use attachments with double extensions like .doc.exe.
- Personal information requested: Phishers are after data. Therefore, they send emails asking people to confirm their account info, login credentials, or other personal information.
- Appear to be from a company or service not used by the recipient: Phishers don’t usually have access to the user databases of the companies they impersonate, so they blast their phishing emails out to anyone they can find. People should be especially wary of emails from services they don’t use claiming account issues, or billing issues, for example.