Security Basics: 5 Signs of Phishing

Security Basics: 5 Signs of Phishing

Dmytro Volkov


Views 729

Security Basics: 5 Signs of Phishing

03.08.2020 07:45 am

A recent WatchGuard Technologies survey showed that 86% of UK companies expect an increase in cyberattacks in the next 12 months. One big threat in particular is phishing attacks linked to COVID-19, which have recently been gaining popularity among scammers once again. Find out how to discern scam attempts using these tips from Dmytro Volkov, CTO of the international crypto exchange CEX.IO.

Even though payment systems and banks do everything they can to protect their clients, fraud flourishes on the global network. And most financial losses are attributable not to direct break-ins to online banking systems or to hacking, but to phishing. Fortunately, there are some simple rules that can help recognize a scam site and avoid losing money.

What Is Phishing?

Phishing is a method of deceiving someone into willingly sending a scammer money or valuable information. That’s exactly why it’s so hard to get your money back after a phishing attack—you took the action yourself and made the transfer. One widespread phishing method is to create a similar (ideally identical) website. Social engineering is used to lure people to the fake site. Cybercriminals carefully think through the user’s interaction with their portal to push them toward making the payment as fast as possible, without a second thought.

All sorts of sites can turn out to be phishing sites: from fake online marketplaces to financial services, such as crypto exchanges or even credit companies. But with a cool head and an attentive eye you can recognize scams without fail.

5 Signs of Phishing

  1. Exclusive offers

Phishing sites and messages are typically jam-packed with super-sweet deals. Very often, you will magically find yourself on the site in the last 5 minutes of an amazing sale, or you’re offered one of the last discount subscriptions. Lately, one popular offer has been an “exclusive investment opportunity” with doubled returns. And while these sorts of marketing ploys don’t always point to a scam, scammers use them very often, because an exclusive offer, presumably from a famous company, makes us less vigilant.

  1. Unexpected emails or messages

Agents inviting you to a phishing site will often appear in your email or messengers unexpectedly. They may be people you know writing messages in an unusual tone (rather, someone is writing in their name after hacking their account), or strangers purporting to be company support staff or managers. For example, at CEX.IO we make sure to stress to users that our exchange’s staff will never provide support over Telegram and do not send messages first. If someone sends you a personal message uninvited, they’re definitely trying to deceive you.

  1. Payment types

Criminal groups very frequently use relatively unknown payment systems, small banks, and other methods of withdrawing funds. If the payment method is unfamiliar or seems suspicious, check whether you have an encrypted connection and whether the site’s certificate is valid. Your browser will typically display this information on its own and warn you of insecure connections. You can also search up the payment service and verify that it exists and is licensed. Pay attention to the recipient’s name, too: it should match the name of the store or service where you’re making the purchase. For example, if you are buying rail tickets, the recipient should be National Rail or your travel agent.

  1. Suspicious calls or texts

You can get real texts from a company, but with phishing, they come from unfamiliar addresses and suspicious numbers. The spoofed site will also have the wrong numbers. By verifying the number through search, you can detect scammers trying to get you to transfer funds to their account.

If you receive a call and are being asked to provide some information, such as your name, date of birth, password, or texted code, don’t give them anything in response, because you can’t be sure you’re talking to a company representative, not a scammer. Instead, ask for the employee’s internal extension and call back. Scammers will do everything they can to dissuade you, citing urgency or the threat of losing all your money if you don’t answer right away.

  1. Differences in site design

It’s very difficult to make a complete clone of the website for a major payment system, bank, exchange, or online store. That is why scammers typically copy only a few pages that will lead their victim to the payment part. There are often no sections at all on these sites, or they don’t open or turn out to be blank.

How to Avoid Scams

The recommendations for combating phishing are universal. They include five simple steps you need to take if something seems suspicious.

Step 1. If you are looking to make a purchase or payment, rather than just browsing or reading, don’t follow links from emails or messages. It’s better to find the site yourself through search. Verified and real sites will be in the first few search results, and the search engine (say, Google or Bing) puts a special symbol to mark verified sites.

Step 2. Before heading to payment, check the URL in the browser’s address bar. If, for example, instead of CEX.IO you see something like CEEX.IO or CEX.RO, someone’s trying to trick you. Go to the site you need directly by fixing the URL. Also check the site’s certificate by clicking to the left of the address bar. An unexpired, high-level certificate guarantees that you are on the real site.

Step 3. Carefully read through the payment form before inputting your card information. Check not only whether the amount is correct, but also the name of the bank and the recipient. If instead of the seller company’s name the recipient field shows some questionable company or even a private individual, do not proceed with payment.

Step 4. Click into various tabs on the site. Make sure they actually work and have real information, not just the payment form. In addition, browsers typically warn users of insecure connections, suspicious sites, and other threats. Don’t ignore these warnings.

Step 5. If you receive a sudden call or message from employees of a service, payment system, exchange, or bank, don’t provide personal information over the phone. Call the company back, using the numbers they list on their official site, and get it taken care of yourself. And if you realize that you’ve already shared personal data without verifying the person on the other end, change your username and password for the site, just in case.

Latest blogs

Simon Black Awaken Intelligence

Boom or Bust: How the Financial Services Sector is Coping

Covid-19 has had an impact across all industries and businesses are feeling the sting. However, is it equally devastating within every sector? As industry and individual concerns grow during the inevitable economic crisis, financial services are Read more »

n/a n/a

Tips on How to Successfully Trade CFDs

A CFD or contract for difference is a financial product that allows a trader to speculate on asset classed without owning a portion of the underlying asset. A CFD trade is not an investment but high-risk speculation that carries the risk of losing Read more »

Patrick McKinney and Joe Fuchs Wolters Kluwer Finance, Risk & Regulatory Reporting

Building an Integrated Data Management System: A Guide for Digital Banks

Digital banks and other FinTechs are emerging as more nimble competitors to established legacy banks. The digital banks that are on their way to becoming fully chartered have the opportunity to setup fully automated processes and systems without Read more »

n/a n/a

How COVID-19 Is Ushering In a New Era of Cashless Technology

  Image source:   Cashless technology isn't a completely fresh concept. People have been using credit cards for decades, and the market for fintech services has been Read more »

Jean Shin tyntec

Using WhatsApp for 2FA is the Future of Banking

From user authentication and password resets to transaction verification, two-factor authentication (2FA) offers basic but useful protection for consumers. The 2FA process typically sends an SMS sent to the customer with a one-time password (OTP). Read more »

Related Blogs

Gary Williams Spitch

Why Speech Speaks Volumes in Banking Fraud Prevention

While many consumers have migrated to digital banking for everyday transactions, there are instances where a person is required to phone their bank or credit card provider to deal with urgent or complex enquiries. Similarly, there may be cause for a Read more »

Fraser King Vodafone Business

Protecting the End-user at All Costs: How to Stop Cyber Fraud on Mobile

In an age of large-scale data breaches and advanced social engineering tactics, it’s clear that the fight against cybercrime never stops. This has only been amplified by the coronavirus pandemic, which has provided fertile ground for cybercriminals Read more »

Tom Kellermann VMware Carbon Black

Modern Bank Heist: from smash and grab to hostage situation as cyberthieves evolve

The financial sector is historically one of the most secure industries in the world. It needs to earn trust and convince customers that their hard-earned money is safe. Nevertheless, the fact that banks are guardians of the one thing cyber criminals Read more »

Mikkel Stegmann Fingerprints

Convenience + Security: The Maths of Multi-Modal Authentication

For today’s efficiency-loving consumers, convenience is more important than ever. When it comes to unlocking our smartphones, for example, the hassle of having to remember PINs and passwords has been long discarded in favour of quick and easy Read more »

James Richardson Bottomline Technologies

Payment Protection for the Modern Age

Modern cybersecurity professionals have succumbed to an arms race with criminals as corporate defence spends balloon, attempting to keep pace with ever-evolving infiltration and extraction techniques. As expenses grow, dangers continue to mount. In Read more »

Free Newsletter Sign-up
+44 (0) 208 819 32 53 +44 (0) 173 261 71 47
Download Our Mobile App
Financial It Youtube channel