The Basics: What is Phishing?
Phishing is just the term for people trying to lure others into giving up their secure information through emails. People hopefully aren’t falling for the Nigerian Prince bit anymore, but it’s a good representation of the basic idea.
Nowadays, people don’t typically ask for you to directly send them money – instead they try to get sensitive information (often CC info, or your login information for your bank/PayPal) or they might just want you to click their link to download malware onto your computer. In general, it’s all bad and you could lose valuable information and money. Or your time and patience while you try to get it back.
An Example of Phishing
I’ve attached an email below that we got that isn’t quite as obvious. It has many errors in it, but they aren’t too noticeable, and on first glance it seems like it might be a legitimate email from PayPal. I have to respond/handle legitimate emails like this pretty regularly, so it’s not hard to believe that someone could get tricked. Catch someone before their first cup of coffee and they might just fall for it completely! Here is the unedited email in question:
As you can see, this email is impersonating PayPal, saying you need to click the link to verify your account because some illegal activity has been going on in your account. At first glance, this looks fine, like something PayPal might send out. However, there are several mistakes/signs that this email isn’t correct.
The Errors
There are actually many small errors throughout the email that should tip you off that something is wrong, on top of the fact that the URL the link will take you to isn’t PayPal. Let’s go through them.
- The logo is wrong.
  - PayPal uses mainly two versions of their logo, one of which looks a lot like this, but it is slightly different. I didn’t notice this at first, so if you didn’t, don’t feel bad.
- Broken English
  - “…from different country followed by some illegals buys . we think that you’re not who do that, so we have suspended your account.”
    - When you look closely, it becomes pretty obvious that this is written in broken English. Notice that the last bit “so we have suspended your account” is perfect though, so if you just skimmed the email you could totally miss that.
  - “We will give you 1 Day to update your informations or we will suspend your account forever.”
    - More broken English. But suspend my account FOREVER? Okay, well, PayPal wouldn’t do that… that just doesn’t make sense. But if you don’t pause to think about it, you could get spurred to action.
- Lastly, the link doesn’t go to PayPal.
  - You can highlight the link they want you to click and see where it’s going to take you. It’s not PayPal, so wrap it up and call it a day. The email is fake. I don’t know if they wanted you to just click the link and it would download malware, or if they wanted you to input your PayPal information so they could get access. It doesn’t matter, don’t click the link.
Why do Phishing emails have errors? Are they not trying hard enough?
The assumption is that for most scammers, English is not their first language so there’s a greater chance of typos and improper grammar. However, there is speculation that emails like this are typed a little poorly on purpose to get specifically the uneducated/lazy/tired individuals that are less likely to make a big fuss if they give up their information.
This is why we all laugh at the old “Nigerian Prince” scam, but it was/is moderately successful! We all think “who falls for this stuff…” but it’s because they want to get the gullible and uneducated to work with them. They don’t want everyone to respond to the emails, because that would be a waste of time for them. They only want people who are likely to actually fall for their tricks – thus poor grammar and spelling are very common. People who will overlook the obvious issues in the email are more likely to just give their information without questioning it.
Now I know everything about Phishing and will never get got by it!
Well, no. Unfortunately, being cautious is pretty much the best advice we can give you on how to protect yourself, but it’s impossible for us to guarantee that that will keep you completely protected. However, as long as you are careful, potential hackers/scammers won’t want to waste their time with you.