Easy Ways to Spot Phishing Scams

Have you ever received an email that just felt…off? Maybe it promised a prize you didn't enter to win, or it tried to scare you into thinking your account was in trouble? That’s likely a "phishing" scam, and it's one of the most common tricks thieves use on the internet.

Think of it like a fisherman casting a line. They bait a hook and hope a fish bites. Cybercriminals do the same thing with fake emails, texts, and social media messages. They're "phishing" for your personal information, like passwords and bank details. For businesses, taking the bait can lead to serious trouble.

At Datalyst, we believe that being prepared is the best way to stay safe online. So, let's make this simple and talk about how to spot these scams and keep your information secure.

How Scammers Try to Trick You

Criminals have a few go-to moves. These include:

• Pretend to be someone you trust - They'll create fake emails that look like they’re from well-known companies like your bank, Amazon, or even your own boss. This is their most popular tactic.
• Send you a scary message - You might get a text or email that says that your account has been locked. They want you to panic and click a bad link without thinking.
• Use social media - Scammers create fake company profiles online to fool you into giving them your login info when you ask for help.

Easy Ways to Spot a Fake Message

You don't need to be a tech genius to spot a phishing attempt. Just look for these simple clues:

Is It Trying to Rush You? 

Legitimate companies don't usually pressure you to act immediately. If the message screams "URGENT" you need to take a deep breath and look closer at the message. 

Does It Use Your Name? 

A real email from your bank will probably use your name. A fake one might say something generic, like "Dear Valued Customer."

Check the Links

Before you click any link, hover your mouse over it. A little box will pop up showing you the real web address. If it looks like a jumble of random characters or doesn't match the company's real website, don't click it.

To check a link, you need to hover your mouse over the clickable part in the email, and look at the bottom of the screen, typically on the left for most email clients. It will show you an address that starts with http.

For our example, we’re going to use Amazon.com, and how to spot something suspicious. It’s all about looking for periods in the address, and noting where the periods are.

If there is a period AFTER the domain name of the website you want to go to, then it might be a trap.

• https://www.amazon.com/gp/help/customer/account-issues - This is safe, because there isn’t a period after the .com. 
• https://support.amazon.com/ - This is safe, because the extra period is before the company’s domain name (in this case, amazon.com)
• https://support.echo.amazon.com/customer-support/password-reset - Again, this is safe because there are no periods after amazon.com, regardless of how many subdomains (extra periods) are before it in the URL.
• https://support.amazon.ru - Time to slow down. While Amazon does legitimately have a .ru domain, not every business has every variation of domain extension (like .org, .net, .co, .co.uk, etc.). As soon as you get something you don’t expect, start to scrutinize even more.
• https://amazon.passwordservices.com/help/account-issues - This one is dangerous. This URL is technically taking you to a site called passwordservices.com. We just made that up for the example. Anyone could purchase that domain (or something similar) and spoof the URL to say Amazon before the first period. It’s tricky because it’s easy to miss.

Let’s take a look at another example, using PayPal:

• paypal.com - Safe
• paypal.com/activatecard - Safe
• business.paypal.com - Safe
• business.paypal.com/retail - Safe
• paypal.com.activatecard.net - Suspicious!
• paypal.com.activatecard.net/secure - Suspicious!
• paypal.com/activatecard/tinyurl.com/retail - Suspicious!

Keep in mind, these URLs above may or may not be real, we’re just making them up for the sake of an example!

Look at the Sender's Email

Does the address the message is sent from look strange? An official email from Microsoft isn't going to come from an address like "."

Were You Expecting It?

If you get a random email with an attachment you didn't ask for, it could be a virus. It's best to just delete it.

Why This Matters

A single click on a bad link can cause huge problems. A hospital in Hollywood had to pay thousands of dollars to criminals just to get their computer systems working again after an employee fell for a phishing email. For any business, losing access to files or having customer information stolen can be a nightmare.

How We Can Help Keep You Safe

Worrying about every single email is stressful and takes time away from running your business. That's where Datalyst comes in. We offer proactive technology support to stop these threats before they even get to you.

Think of us as your digital security guard. We can:

• Filter out junk and scam emails so you see less of them.
• Train your staff to become expert scam-spotters.
• Add extra layers of security, like requiring a code from your phone to log in, which stops thieves even if they steal your password.

You have a business to run. Let us worry about the scammers.

If you want to learn more about keeping your business safe from online threats, give the friendly experts at Datalyst a call. We're happy to help. Give us a call today at (774) 213-9701.