Given that phishing scams are becoming more prominent each year, how can I recognize a phishing scam, and what can I do about it?
Phishing scams have many faces, but they all have two things in common. They manipulate and deceive users into providing information that will be used against them. Learning how to recognizing their phishing methods to obtain your information will prevent you from falling prey, becoming their next victim.
How do Scammers Phish?
People have been trying to con others since the beginning of time. As technology increased, so did the opportunity for con artists, (also known as “scammers”).
Scammers Phish with In-Home Visits
I know what you are thinking. “Does this guy know what phishing is?” Allow me a moment to show the progression of what we now call, “Phishing”. You’ll see a common thread in a minute.
As a college student, my wife and I received a phone call from a very persistent casket salesman. Yep, they actually make funeral home casket salesmen. Who knew? We certainly didn’t. We were just married, so young and naive. When he asked if he could come over to our apartment and help us “plan for the future”, we were a little skeptical, but falling prey to the manipulative tactics he used on the phone, we made the appointment.
A few days later, he arrived at the appointed time and knocked on our tiny apartment door. After offering him some iced tea, he started his pitch. It was so manipulative. So much so, that I told him that the only reason that we were not going to take him up on his offer, was because of the guilty manipulative tactic he was using to convince us to buy his nasty casket.
You see, he was preying on our emotions. He would ask questions like, “What will your wife do if you were to die next week?” Yeah, it was that bad. True story.
Phishing scams do just that. They lure you in by design. They will say anything to get what they want. But learn from this: Manipulation is their tell.
Scammers Phish by Mailing Letters
In a digital age, a hand-written letter is powerful and effective. So much so, that even if you don’t know the sender, you will probably open up any piece of mail you receive where the address is hand-written. After all, someone spent the time to write the letter by hand.
The point of a hand-written letter is to tell a story, one that will convince you to take action. They may weave a story to get you to wire them money immediately, or ask you to send a check if it’s too inconvenient to wire money.
It does not take a rocket-scientist to send a hand-written letter. You only have to write one letter 1,000 times. Get a group of 5 people to manually copy a letter by hand, and they can share the fruit of their labor as the money pours in. It does take a con artist, however, to create a convincing story that manipulates the reader to do what they want.
Scammers Phish Using the Phone
Years ago, before the internet, “phishing” took place over the phone. This was more difficult to do, indeed, took talent to pull off. The caller usually will prey on the elderly, perhaps posing as the roommate of their grandson who is in college. It only takes a little bit of information for a con artist to tell a tall convincing tale. Because this type of scam takes a lot of work, it’s not used nearly as often as the upcoming types of phishing scams.
Scammers Phish Using Websites
People can blindly provide personal information by simply completing an online form. Promising the user a “free” e-Book, or “Chance to Win” something, is a way for a scammer to get personal information from you. There is no “free” e-Book or “Chance to Win” anything. They simply want you to submit personal information via an online form so that they can then sell that information to other scammers who will compile as much information about you as they can.
Understand, however, that this is not to say that you should not submit your personal information via an online form. Just make sure that you know the reputation of the website in question. Never click on a link from another site or from an e-mail that directs you to an online form. Manually type out the URL into your web browser and locate the form in question.
Scammers Phish Through Social Media
Social Media websites are breeding grounds for phishing scams. They are probably the most popular means of collecting information about you. Again, remember, that the purpose of a phishing scam is to get you to provide information, (any information), about you, so they can sell it
Though phishermen, (Scammers), would love to know your home address, phone number, or even your credit card number, they are interested in any information about you, because once obtained, they will sell that information.
For example, have you ever completed those “quizzes”, that ask you questions about your favorite type of food, or state you have lived in, or type of dog, etc., etc. All this information is gathered and used against you for advertising purposes. Usually, you will find pictures with enticing titles that serve as clickbait to get to leave the social media website for their own website, where they will then glean even more information from you, information that is not monitored by the social media website.
Scammers Phish via Email
E-mail phishing scams have been around for years, but over time, people have opted for other methods of phishing as they are easier and more rewarding. However, you should still be on the lookout for e-mail phishing scams.
There are some obviously things to consider when receiving e-mail. Assume that all incoming e-mail is fraudulent, and then prove that it isn’t a phishing e-mail by asking yourself the following questions:
- Do you know the sender? If not, delete the e-mail without reservation.
- Does the e-mail address represent the real company? For example, Microsoft.fraud-department.com is not the fraud department from Microsoft. It’s coming from a website called, “fraud-department.com”.
- Have you ever dealt with the company that e-mailed you? If not, delete the e-mail without reservation.
- Is the e-mail written in broken English? This is a dead giveaway.
- Is the punctuation off, even a little? No legitimate company would allow any e-mail to go out to its customers with improper punctuation, such as ALL CAPS or exclamation points!!!!!
- Is there a phone number for you to contact them? If so, Google it and check to see if you find others who have been scammed by calling the number.
- Is there any kind of threat, such as a denial or termination of service, or fees and penalties that will be assessed if you do not immediately respond? Any legitimate company will send a certified letter through the Post Office.
- When you hover over any of the links in the body of the e-mail, does it show a different website address than what it is should to be? If so, immediately delete the e-mail without reservation.
Again, any time you open up an e-mail, assume that it is fraudulent, then look at the e-mail and ask the above questions to prove that it isn’t a phishing scam.
Scammers Phish via Text
Just today, I personally received this unsolicited text message out of the blue. I have no idea who “Rory” is, or who “Working America” is.
Let’s take a look at the above text message I received and I will show you why I know that this is a Phishing text.
- It’s an unsolicited text, as I don’t know a “Rory” or the company, “Working America”.
- The text does not address me by name.
- The only call to action is a negative response. In other words, I can only tell them what I don’t want, not what I do want. By “opting out”, I would be letting the sender know that I am a real person who will actually read their texts. That signals to them that they can send me other text messages.
This type of text phishing is very typical. It can be compared to a real fisherman (the kind with a worm on hook at the end of a fishing line). They have placed the line in the water, and if they get a “nibble”, they will then put more attractive bait on the hook until they get a bite so that they can real them in.
DO NOT reply to a text like this to “Opt Out”. By opting out, you are giving them exactly what they want. Instead, block the caller. On an iPhone, you simply follow the steps shown below.
To block the sender from ever sending another text message from this phone number, simply tap on the phone number at the top of the text message.
From three, you will then see three icons that will drop down. They are Audio, FaceTime, and Info. Tap on the INFO icon.
You will then see the screen below. Tap on the INFO icon here as well.
Now, tap on the “Block this caller” link at the bottom of the screen.
Finally, tap on the “Block Contact” link at the bottom of the screen. Now you will no longer receive text messages from this phone number, ever again.
What to Do if You Already Responded to a Phishing Scam
If you have already responded to a phishing scam, you need to ask yourself a few questions.
- Did you give them your first and last name, home address, or birth date?
Do not reach out to contact them for any reason, and if they reach out to you, under no circumstances should you ever reply, no matter what they tell you, even if they threaten you. If for ANY reason, they do threaten you in any way, contact your local police or dial 911 immediately.
- Did you provide the name of your employer?
Contact your HR department immediately and let them know that you were the victim of a phishing scam. This will alert them to anyone who may attempt to cause your harm financially.
- Did you give them your social security number?
You will need to immediately contact a company such as LifeLock.com, to protect your identity.
- Did you give them your credit card number or any banking information?
You will need to immediately contact your bank to cancel your credit card. Be sure to tell them of the last transaction that you made with the credit card in question. Also make them aware that you were a victim of a phishing scam which is why you want to cancel the credit card, and have it replaced.
- Did you promise them anything?
Con artists can be very convincing. They use all kinds of different manipulative tactics to get what they want, and will prey on your emotions without a second thought. They are extraordinarily self-centered and would sell out their own mother in order to make an extra buck, if they could.
Because they are so skilled at manipulation, they have an uncanny way of making you feel like you owe them something. You don’t. You don’t owe them anything, and if they attempt to contact you in any way, be it by the mail, phone, e-mail, social media or text, do not respond. Ever. If you respond in any way, they will never leave you alone. Once you stop responding, they won’t waste their time on you. In stead, they will find another victim.
Immediacy is the operative word here. You need to act immediately. If you don’t, it could ruin you. Don’t take it lightly. Evil preys on the innocent and shames people into not admitting that they have been scammed. For the sake of your online identity and financial integrity, act now.
Should I Report Phishing Scams?
Personal Email Address
You can report a phishing scam by forwarding the e-mail in question (as is), to the Anti-Phishing Working Group at email@example.com. If you receive a phishing text message, you can forward it (as is), to SPAM (7726).
Company Email Address
If, however, you work for any company, regardless of its size, report it right away. Ask the HR department what e-mail address you should forward the e-mail to. The reason for this is because the IT department of the organization can stop it from spreading to other people within your company, and potentially save your colleagues from becoming victims of this phishing scam.
Some companies have an official e-mail address that you can report a phishing scam to. For example, if you were to receive an e-mail from “Apple Computer”, asking for private information such as your Apple ID and Apple ID Password, (for any reason), you could simply forward that phishing e-mail to firstname.lastname@example.org.
Phishing scams are a real thing, and they have the potential of completely ruining you financially, while stealing your online identity, bringing you to ruin. You should never underestimate a phishing scam, and if you do fall prey to one, (regardless of how insignificant you think it is), you should take immediate action to protect yourself. You may need to contact your bank, your HR department, or a company like, LifeLock.com to protect your identity moving forward.