It’s hard to believe people still fall for the infamous Nigerian prince scam, but this email scam still rakes in over $700,000 a year.
And it’s not just your average Joes who are falling for these scams.
Between 2013 and 2015, a Lithuanian hacker swindled over $100 million from tech giants Facebook and Google. His tactic? Fake invoices from a legitimate Asian manufacturing company.
If it can happen to employees at the world’s biggest tech companies, it can happen to you too. And if you think your antivirus software is going to protect you from every internet scam and phishing attempt, think again.
We’re not saying you shouldn’t have a solid network security system, of course. But it’s often the human element and not a software failure that leads to successful scams.
For example, do you know how to tell if a link is safe to click on? Do you know how to spot a phishing email? How can you tell if that funny Facebook video or Instagram ad is the real deal — or a clever scam?
We’ll answer these important questions and much more, so keep reading to learn how to keep your personal information and company data safe.
What Is Phishing?
If you were around in the 1980s, you might think of the famous rock band Phish when you hear this term. Although the name sounds the same, nothing about “phishing” will make you want to stand up and cheer.
Just like fish don’t know they’ve been hooked until it’s too late, phishing scams are clever attempts to steal personal information or sensitive business data. They often appear in the form of an innocent-looking email or social media message request. Only after you “take the bait” do you realize you’ve fallen prey to a scam.
While some attempts (like the Nigerian prince scam) are quite obvious, some phishing scams look, sound, and appear 99% genuine. The email prompts you to take some sort of action, whether that’s logging into an account, opening an attachment, or clicking on a link.
Each year these attacks get more sophisticated and harder to spot. If you do click on a link, you may land on a website that looks almost identical to the real thing — except it’s a fake. This is why it’s so important to know how to tell if a link is safe before you decide to click it.
There are several ways to determine if an email or message is legit, which we’ll discuss in just a moment.
Where and How Do Phishing Attempts Occur?
The most common way scammers attempt to steal information is through a phishing email. These emails appear to come from legitimate, well-known companies such as PayPal, Wells Fargo, Amazon, or Microsoft.
Some of the most common subject lines include themes like:
- Facebook login alert
- Password reset requests
- Join my LinkedIn network
- New voicemail or message waiting
- A delivery attempt was made
- Deactivation of (email address) in process
- Your order with Amazon.com
- Updated employee vacation policy
- HR: Download your W2 now
- Microsoft Teams: Steve sent a message
- Wells Fargo: You have a new secure message waiting
Do you see how many of these, at first glance, appear harmless and legitimate? Of course you’d want to know if someone tried to log in to your Facebook account or you missed a delivery attempt. And if something’s happening with your W2 or the company’s vacation policy, you want to be informed ASAP.
Scammers understand human nature and they know how to create a sense of urgency in their emails. Rather than pausing to consider the email’s legitimacy, the hope is that you’ll impulsively click that link and disclose your personal information.
Emails aren’t the only security concern for business owners and employees. Your company’s data may also be at risk during a major change like office relocation. Hire a professional to ensure your IT infrastructure stays secure before, during, and after the move.
How to Spot a Phishing Email
This could be a whole separate discussion, but it’s worth mentioning some basic ways to identify phishing attempts. Keep an eye out for these tell-tale signs you’re being phished:
- Spelling mistakes
- Poor or unnatural grammar (ex: We speak well English!)
- Sent from a public email domain (@gmail.com, @yahoo.com)
- Misspelled domain name (ex: bluernedia.com instead of bluemedia.com)
- Suspicious links, attachments, or buttons
- A request for sensitive information (password, username, payment information, etc.)
- A generic salutation instead of your name (“Dear customer” or “Dear valued member”)
- An unusual request from a supervisor or the CEO of your company
Remember, the goal is to create a sense of urgency and get you to react on impulse. If you fear your account is about to be closed or your boss needs you to verify some information, you may click before you think.
No matter how busy you are, slow down for a moment and think. Remember, a legitimate company will never ask you to send sensitive information via email. And if you have any doubts about the status of an account, it’s best to go directly to the company website and log in there rather than follow an email link.
How to Spot Scams on Social Media
Social media scams are often trickier to spot. But like email scams, there are some tell-tale signs you should be aware of.
Before you click that link or take any other action, look for red flags such as:
- Anyone you don’t personally know asking for money or charity contributions
- Requests from unverified pages or groups
- Accounts or people directing you to claim a reward or prize
- A request to move a conversation from the social media platform to somewhere less private
- A request to pay a fee for applying to a job
- Fake gift cards or coupons
- Clickbait malware (Ex: “shocking video” or “amazing transformation”)
Another seemingly innocent scam to be aware of is Facebook quizzes. It might seem like innocent fun to find out who your celebrity soulmate is, but you’ll have to allow access to your profile to see the results.
Even sneakier, many of these quizzes are designed to dupe you into disclosing sensitive information. If you reveal the name of your first pet or your childhood best friend, guess what? Hackers are one step closer to guessing your passwords or security question answers.
How to Tell if a Link Is Safe
By now, you’re much more familiar with different phishing scams and clues to look out for. But let’s say that, despite your best efforts, you’re still not 100% sure if a link is legitimate. What should you do next?
There’s a simple way you can check whether it’s a safe link, as well as link checker sites you can turn to. Let’s start with the simple way first.
Hover Over the Link (Without Clicking on It)
No matter what the link text or button says, it may not go to the advertised destination. Even if it has the full URL typed out and hyperlinked, it could connect to a completely different website.
One way to know for sure is to place your mouse over the link and hover. DO NOT click on the link. Instead, take a glance at the lower left or right corner of your browser. A tiny popup should appear that reveals the full URL of the link’s destination.
For example, let’s say the email says “Click here!” to take you to Costco’s homepage. Hover over the link and check the URL. Does it actually go to https://costco.com? Or does it go to a (very similar looking) fake Costco site?
If the link’s URL doesn’t match up to the company website, don’t click it.
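Bonus tip: Always look for the “S” in the HTTPS part of the URL. This indicates that the connection to the site is encrypted and backed by a security certificate. A site with HTTP in the URL isn’t necessarily bad, but it does lack this extra layer of security. Keep in mind that HTTPS alone doesn’t prove a site is genuine, since scam sites can obtain certificates too. Proceed with caution!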
Use a Safe Link Checker Site
Do you still have some doubts after the basic hover test? That’s okay — it’s always better to be safe than sorry.
To have true peace of mind, you may need to go one step further and use a link checker site. These tools are free and easy to use. You can even cross-reference the link in several of them if you want extra reassurance.
How do you paste the link in question into one of these online scanners without opening it? It’s easy. Just right-click over the link to bring up the context menu, then select:
- Copy Shortcut (Internet Explorer)
- Copy Link Address (Chrome)
- Copy Link Location (Firefox)
The URL is now safely copied onto your clipboard. From here, you can paste it into any of the following sites to check it.
Ready to try it out? Here are six of the best resources for how to tell if a link is safe.
Norton Safe Web
Norton is synonymous with web security, so this is a great place to start. Use the copy and paste technique mentioned above to paste the URL into the search field. Norton will scan it for malware, as well as display ratings and reviews for the website.
(For extra security, you might consider using two of Norton’s free tools in your daily routine. You can add the Norton Safe Search Extension to your Chrome address bar for safer surfing. There’s also the Norton Home Page Extension that shows only safe sites in your search results.)
Google Safe Browsing
Did you laugh out loud at that cat video on Twitter, but you’re not sure about following the link? Here’s an easy way to tell if it’s legit or not.
Type this address into your web browser: http://google.com/safebrowsing/diagnostic?site=
Then, paste in the URL you want to check. Google will quickly scan the site and let you know if there have been any reports of malware in the past 90 days.
PhishTank
While many sites listed here focus on malware and spyware, PhishTank is a reliable resource for identifying phishing scams.
Enter the URL you’re unsure about and PhishTank will check it out. If it’s already “in the tank” as a known phishing site, you’ll know it instantly. If not, PhishTank will provide a tracking number and alert you to any updated information.
It’s not as easy or foolproof as scanning for malware, but it’s a valuable tool for finding known phishing sites and scams.
This all-in-one site scans both URLs and files for potential viruses and malware. There are also convenient Android and Windows apps you can use to check URLs.
Paste in the URL in question and you’ll receive instant results. These results are also shared with online communities so others can learn about malicious sites too.
PSafe Dfndr Lab
This oddly spelled safe link checker is another valuable tool you can use. Paste in the URL and you’ll instantly know whether the site exists in the Dfndr Lab’s “trusted sites” database.
If the site can’t be found in the database, you’ll receive a response urging you to exercise caution.
ScanURL
Want to check for malware, phishing, viruses, and poor reputations all at once? ScanURL’s spam link checker does all this with one simple click.
It works by polling Google, PhishTank, and other trusted sources to let you know if a site is trustworthy or potentially dangerous. You can also explain where you encountered the link to help others avoid falling victim.
When in Doubt, Don’t Click
In a perfect world, we wouldn’t have to worry about phishing scams or how to tell if a link is safe. However, the truth is that there are endless scams and scammers out there trying to take advantage of you.
You don’t need to be paranoid, but you do need to be smart. Get familiar with the latest phishing scams on social media and via email. If you own a business, educate your employees about how to spot scam emails and what to do if they receive one.
What if, despite your best efforts, you still can’t decide if that link you’re looking at is a safe link? When in doubt, don’t click on it. There are other ways to verify the information without putting your computer and personal information at risk!