phishing scams

How to spot and avoid phishing scams

We send and receive emails every single day. Whether that’s for work or in our personal lives, emails have become a common method of communication for us.

Due to this, we often receive a large number of spam emails in our inboxes. For instance, in September 2021, an average of 105.67 billion emails were sent daily, of which 88.88 billion were spam emails – a whopping 84.1%.

Many of these are simply promotional emails from businesses and individuals looking to sell you their goods or services. However, a significant portion of these spam emails are sent with malicious intent, such as phishing attacks.

Phishing scams are a popular method that tricks users into revealing their card or bank details online. Fraudsters who gain this information often go on to commit Card Not Present fraud (CNP), a common type of scam where the real owner of the card is not present during the payment.

To ensure your financial information remains safe, we’ve created this article to help you understand what phishing scams are, how to spot them, and how to avoid them.

Identifying phishing emails (and text messages) can be difficult, but they often convey a sense of urgency, requiring you to take quick action. They’ll usually ask for sensitive information such as credit card details or ask you to click on a suspicious-looking link. These key giveaways let you know you are on the receiving end of a phishing scam.

Whilst you can’t get rid of phishing emails from your life completely, you can protect yourself from them by first educating yourself on what they look like, using multi-factor authentication on all your accounts, and verifying a website’s security before entering any information.

But before we go into more detail, let’s take a step back and explain what phishing is.

What is Phishing?

Phishing is when scammers impersonate reputable businesses and attempt to trick users into downloading malware or clicking on a fraudulent website to steal personal or financial information.

By presenting themselves as a trusted business, users often let their guard down and follow the actions outlined in the email. These actions can include:

  • Opening an attachment.
  • Clicking on a link.
  • Filling out a form.
  • Replying to the email with certain information.

It should be noted that phishing scams can also take the form of text messages and phone calls. However, they’re most commonly associated with emails.

What is the difference between spam phishing and targeted phishing?

Spam phishing is when phishers send the same generic email to as many people as possible. Essentially, they are casting a wide net and trying to trick as many people as they can, regardless of who they are.

Since scammers don’t need to tailor their emails to a specific person, it is the easiest phishing method. As such, spam phishing is by far the most common type of phishing scam you’ll encounter.

Targeted phishing, also known as spear phishing, is when a specific email is sent to a specific target. The targets can be individuals or groups of people, such as employees of a particular business or organisation.

Since targeted phishing scams are more personalised, they require much more effort from the phisher, and as a result, they’re not as common as spam phishing emails. However, they can be harder to identify as scams due to that very reason.


How to spot phishing scams?

Spotting phishing emails isn’t always easy. Since they are designed to look like they’re sent from an actual business, it can be difficult to tell the difference between a regular email and a malicious one. Still, there are a few key things to look out for which can help differentiate between the two.

1. Emails requiring urgent action

Phishing emails typically describe a scenario that requires your urgent attention and action. Examples include security threats to one of your banking or social media accounts or an urgent fine you must pay off.

This is done to put you in a state of panic where you’re no longer thinking logically. As such, you won’t notice certain things, such as irregularities in the email, that can mark it as a scam.

If you receive one of these suspicious emails, you should first pause and take a minute to process what it says. By carefully dissecting the email, you’ll often notice inconsistencies that point toward it being a phishing scam.

2. Emails with inconsistencies

If the sender’s email address, the link they ask you to click on, and the website domain name don’t match one another, it’s a good indication that you have received a phishing email. An example of this would be if you received an email from ‘Google’, but the link they asked you to click on was ‘Gooogle’ with three o’s.

You can verify this by hovering your mouse over the link. A pop-up showing where the link really leads will appear at the bottom left of your browser. If this domain name doesn’t match up, it’s safe to say that the link takes you to a malicious website, and you should not click on it.

3. Emails that request sensitive information

As a general rule of thumb, any email that asks for your sensitive data – such as your login details, bank details, or other personal or financial information – should be treated with care, as this is a common way phishers try to trick victims.

These are often phishing attempts where the scammer will ask you to click on a link and enter your sensitive information. Once you have handed the information over, the scammer will use it for identity theft.

4. Emails with grammar and spelling errors

One of the main inconsistencies you’ll notice with a phishing email is spelling and grammar mistakes. Reputable and legitimate businesses will double- and triple-check all outgoing emails for spelling and grammatical errors since mistakes like those can create an unprofessional perception of their company.

On the other hand, most phishing attacks are made by a single person whose main goal is to target as many online accounts and people as possible. As such, they’re often not as diligent with typos and grammar mistakes, making it an easy way to spot phishing scams.

5. Emails with suspicious links

A common theme you may have noticed is the use of malicious links. Most phishing scams involve redirecting you away from your email client to a malicious site called a phishing site.

These phishing sites often appear to be the same as the website they’re impersonating, which is why people fall for the trap. However, these websites have nothing in common with the real thing, and any information entered there will be given straight to the scammer.

6. Emails with suspicious attachments

Similarly to the point above, you may receive suspicious attachments – typically files in the form of .zip, .exe, .scr, etc. If you download these files, they will install malware on your device, which will then be used to monitor your activity and keystrokes, thus gaining access to your accounts.

7. Emails that offer rewards and prizes

It would be silly to say no to a free prize, right? This is exactly what scammers hope for when they send you these emails.

If you receive a random email about how to claim your free reward, there’s a good chance it’s a phishing email and cannot be trusted – if it sounds too good to be true, it probably is.

What are some examples of common phishing scams?

As internet users become smarter, so do phishing scammers. That’s why creating a complete list of phishing methods they use is difficult. However, there are some common emails you’ll come across. They’ll typically impersonate the following:

  • A ‘friend’ asking for financial help
  • Your bank provider notifying you of a security breach that requires your verification
  • A government agency informing you of a tax rebate
  • A charity asking for donations
  • An investment platform with an investment opportunity
  • A lottery association telling you to claim your prize

How to avoid phishing scams?

The quantity and frequency at which you receive phishing emails are largely out of your control – it’s simply bound to happen. However, there are some things you can do to minimise how many you receive and to avoid falling victim to them.

1. Know what a phishing scam looks like/know the signs

One of the best things you can do to protect yourself from phishing scams is to be educated on the topic. We’ve already gone through how to spot them and some common examples of what they look like, but that doesn’t mean you shouldn’t keep up to date on current phishing tactics.

Scammers are constantly evolving the methods by which they look to trick people. Therefore, the best way to prevent phishing scams is to know what to look for, and you can do this by keeping tabs on new phishing trends.

2. Use multi-factor authentication

Multi-factor authentication is when a user must pass two or more security checks before access to an online account is granted. The most common example is when you log in with a username and password, and a one-time passcode or PIN is then sent to your email address or phone number to verify the login attempt.

Due to fraud-prevention laws and regulations, multi-factor authentication is standard practice for online transactions. It’s now also being used by websites and apps.

If you have the option to do so, it’s highly recommended to use multi-factor authentication on all of your online accounts, as this will prevent scammers from gaining access even if they know your login details.

3. Take advantage of a password manager

Many websites ask you to make an account before making a purchase or accessing their content. For that reason, it can be hard to keep track of all your usernames and passwords.

Some people make the mistake of using the same password across multiple websites or making their password incredibly easy to remember – and in some cases, both. However, this makes it easy for scammers to access your accounts and information. To remedy this, use a password manager.

A password manager stores all your usernames and passwords in one place. It also recommends complex passwords that would otherwise be impossible to remember, ensuring your account is extra secure.

In addition, password managers will automatically fill in your login details when you access that particular site. Therefore, if you visit a website and your login details aren’t auto-populated, it’s a good sign that you are on a phishing site.

4. Don’t delete phishing emails

When you encounter an email you suspect to be a phishing attempt, it can be tempting to mark it as junk or simply delete it. However, a better alternative is to report it as ‘phishing’. This informs the email client to add the sender’s email domain to a blocked list, which means you will not receive any subsequent emails from that domain name again.

Reporting emails as phishing also provides data to the email client, which is then used to further improve its phishing prevention filters, ensuring you aren’t sent similar emails in the future.

5. Set up a private email address

A simple and effective tool to prevent phishing scams – but one that’s often overlooked – is to set up a private email address for all your important websites, such as online banking and bills.

Many people use the same email address for all their online accounts, which is dangerous. An email address that’s used on social media platforms, forums, and other websites can easily end up in an online directory, and phishing scammers often scour these directories for email addresses to send phishing messages to.

By keeping all your important emails restricted to a separate and private email address, you’ll significantly reduce the chance of it falling into the hands of a phishing scammer. Also, if you still end up receiving a phishing email, it will be easier to identify and block.

6. Don’t click on suspicious links

It’s fine to follow links when you’re 100% sure they’re from a trusted sender. However, if you have even the slightest suspicion, don’t click on them – it’s better to be safe than sorry. Instead, you can go to the website via a search engine, as this will ensure you aren’t redirected to a malicious site.

7. Verify a website’s security

You can verify if a link will take you to a secure site by hovering over it. If the URL does not start with “https://”, the connection won’t be secure, and you should not enter any sensitive information on the website.

Another way to check whether a website is secure is to see if it has a closed padlock sign next to the URL. Checking whether the website you’re visiting has a closed padlock and “https://” in its URL is a good habit to get into, and you should do it before submitting any kind of information on any website. Keep in mind that these only show the connection is encrypted, and convincing scam websites can display the lock symbol too.

This is particularly relevant for when you’re shopping online as you’ll be entering your debit or credit card details onto the website.

For additional security and protection against payment fraud and data leaks on the internet, you can use a virtual card. Virtual cards have tokenization, meaning the card number is obscured, making it impossible for scammers or hackers to acquire your card details.

8. Utilise anti-phishing tools

You can now download free anti-phishing add-ons to your browser to help identify online scams. Anti-phishing add-ons will flag a website if they believe it exposes you to a phishing attempt, which can act as an extra layer of protection.

9. Install antivirus software

On a similar note to the point above, installing antivirus software can help you identify when you’re on a malicious website, or when a program or website has attempted to download suspicious software onto your device. As such, it provides yet another layer of security as you browse the internet.

10. Update your browser immediately

Requests to update your browser can come at an inconvenient time, and we’ve all been guilty of ignoring them every now and then. However, they’re essential for your cyber security.

Most browser updates improve their ability to detect and prevent phishing attacks, viruses, spyware, adware, trojans and more. Thus, they improve the overall security of your device.

By not updating them on time, you could open yourself up to phishers and hackers who have found a way to exploit the browser’s system.

11. Leave the pop-ups alone

This advice has been around since the start of the internet, but don’t interact with pop-ups. Although pop-ups can just be advertisements, they are used for malicious purposes in many cases.

They either masquerade as legitimate websites to entice users into entering personal or financial information, or they can often result in malware being downloaded onto your device – both of which can be equally damaging. Therefore, it’s best to steer clear of pop-ups and click the ‘x’ button to close them.

To avoid pop-ups being shown in the first place, there are many well-known and reputable ad-blockers that you can download as an add-on for your browser.


Final thoughts

Whether we like it or not, we will be on the receiving end of a phishing scam. It’s just one of the many ways in which scammers try to deceive users into revealing sensitive information, such as bank and card details.

By posing as a legitimate business and often asking you to take urgent action, they attempt to use your trust and good nature against you. However, these scams aren’t foolproof.

By recognising the tell-tale signs outlined in this article, you’ll be able to identify a phishing scam and prevent yourself from falling victim to it.


Credit card fraud: Five scams to watch out for

Contactless payment was introduced to make our lives more convenient. Unfortunately, as technology evolves and becomes more sophisticated, so do scams. Research has found that payment card fraud (which includes debit and credit cards) is one of the most common types of fraud in the UK, affecting around one in five people.

Scammers are constantly coming up with new and inventive ways to steal our money. This is why it’s so important to be aware of the latest credit card scams and recognise the signs before your money is taken.

If the worst does happen, your credit card company may be able to reimburse you. But considering the time and hassle that’s involved in getting the money back, it’s best to do everything you can to ensure you’re not a victim of credit card fraud in the first place.

With that in mind, we’ve written this article, which reveals five credit card scams to watch out for and lists some credit card fraud warning signs. With European Cybersecurity Month well underway, what better time to brush up on your credit card security knowledge? We will also give tips on how to protect yourself from credit card scams and explain what to do if you fall victim.

What credit card scams should I watch out for?

Card not present fraud (CNP) is a common type of fraud affecting credit and debit card owners. CNP happens when card and personal details are stolen and used to make fraudulent payments without the card owner’s consent. When payments are made online or over the phone, it’s harder for retailers to confirm that the person making the payment is the card’s true owner.

In Europe, CNP accounted for 79% of the total value of card fraud in 2018 and 76% in the UK in 2019. Fraudsters will often use phishing and skimming scams to gain card details to commit CNP. With phishing scams, you’re tricked into disclosing your credit card details. When it comes to skimming, scammers will use a device to steal your credit card details.

Your credit card details can also be stolen over an unsecured Wi-Fi network. You should also watch out for online shopping and charitable donation scams, where your information is obtained by false pretences.

Continue reading to find out more about these credit card scams and how they work.

 

Five credit card scams to watch out for

1. Phishing

Phishing is when a scammer contacts you via phone, email or text message and tricks you into disclosing your credit card details or other personal information.

In many cases, the scammer will pretend to be from a well-known company you already use and will be urgent in tone to get you to act quickly. For example, you might get an email from your “water supplier” saying that you need to update your payment details quickly; otherwise, your supply will be cut off. When you click on the link in the email, you will be taken to a clone of your supplier’s website, which looks the same but steals your credit card information.

These types of scams often target older people, who are more vulnerable because they tend to be less technologically savvy.

2. Skimming

In skimming scams, fraudsters attach devices to credit card readers and payment terminals, such as ATMs, in order to collect your credit card details. The scammers will then sell the information on or use it to make duplicate credit cards.

Credit card companies like Visa and Mastercard have tried to combat this by installing chips to prevent physical scans. However, skimming is still one of the most common methods of credit card fraud.

3. Online shopping

This credit card scam involves fake eCommerce websites that look like legitimate online shops and ask you to enter your details to pay for items you never receive.

While some websites will only accept payment methods like cryptocurrency or wire transfer (which are harder to reverse), the ones that do allow credit card payments are able to steal your credit card data.

These websites are often extremely convincing, featuring trademarks, professional imagery and the “https” lock symbol in the URL.

Another way fraudsters target online shoppers is by manipulating those who are looking for deals. Sometimes, this scam takes the form of an email that contains a bogus link, which, when clicked on, triggers a malware download for scammers to access your credit card details. Again, the email or text message will look professional and legitimate.

4. Unsecured Wi-Fi

Another common credit card scam is where fraudsters either monitor an unsecured public Wi-Fi network or create their own network to lure in members of the public.

When you try to connect to the network, you will be prompted to enter your credit card details to gain access, which the scammers will steal there and then, or your device will be infected with malware so hackers can access your data later.

5. Charitable donations

After a world disaster like a flood, a hurricane or a declaration of war, you might receive a phone call or an email from credit card scammers pretending to be from a charity like the Red Cross or the Salvation Army, asking for donations to support relief efforts. This is a particularly cruel scam because it tugs on people’s heartstrings and plays on the fact that they want to do something to help others in a time of crisis.

These types of scams are also presented in an urgent manner to get people to part with their money quickly before they’ve had time to consider the fact that it might not be a genuine appeal.


Credit card fraud warning signs

While it’s not always possible to identify a credit card scam, there are some red flags to look out for:

  • Alerts from your bank — Be especially vigilant if your bank or credit card company has messaged you recently to warn you of new or increased credit card scams. They will also message you directly if they detect suspicious activity on your account. However, scammers will sometimes message people pretending to be their bank. If you’re at all suspicious, it’s important to remember that a legitimate bank will never call you up and ask for sensitive details like your PIN or password or ask you to move your money to another account.
  • Suspicious activity on your account — Go through your credit card statements and take note of any charges or transactions you don’t recognise. Sometimes, fraudsters will take smaller payments before stealing larger sums. This particular type of scam is called ‘carding’.
  • Unknown email addresses and phone numbers — If, for example, your “bank” emails you and asks you to click on a link, go through your previous correspondence to check that the email address is one they’ve used before. If you are unsure as to whether their contact details are legitimate, don’t reply to that email address. Instead, you should look up the company’s contact information and initiate an email or phone call yourself.

How to protect yourself from credit card scams

To reduce your risk of falling victim to credit card fraud, there are some measures you can take:

  • Never click on links or download email attachments if something looks off or you don’t recognise the sender.
  • Be wary of urgent calls or messages asking you to hand over your personal details.
  • Look for signs of tampering or misuse when using ATMs or credit card readers — especially those that are unattended.
  • Switch to contactless or mobile payments rather than using physical cards.
  • Check your credit card statements regularly and notify your credit card issuer if something doesn’t look right.
  • Set up alerts on your credit card accounts, so you’re notified of a purchase you didn’t make straight away.
  • Check your credit report for any credit card or loan applications you didn’t make.
  • Avoid using Wi-Fi networks with names like “Free Public Wi-Fi”.
  • Never enter your credit card details to gain access to an unsecured Wi-Fi network.
  • When using public Wi-Fi, avoid online banking and online shopping.
  • Install antivirus software on all your devices and install a VPN if you regularly use public internet.
  • If you’re contacted by a charity asking for help, research the cause before you donate any funds.
  • If you receive a call from a suspicious phone number, search the number online by putting quotation marks around it to see whether it has been identified as a scam caller.
  • Avoid answering calls from “Unknown” or “No Caller ID” numbers.
  • Set up multi-factor authentication to secure your credit accounts.

You can also protect yourself from credit card scammers by using a virtual prepaid card instead of a regular credit card. When paying online using a Getsby virtual card, your personal payment details remain protected.

These cards have an extra layer of security, thanks to Mastercard 3D Secure and tokenization, which converts your card number into a Token ID so fraudsters can’t access it. And for even more security and peace of mind, you can even use a disposable prepaid card to make a one-time purchase.


What to do if you fall victim to credit card fraud

If you are the victim of a credit card scam, it’s important not to blame yourself. These scams can be incredibly sophisticated and well-organised and often involve teams of people. And remember that you won’t have been the only person to have been taken in.

You’ll also be relieved to know that there are some ways you can take control of the situation. You can be proactive about trying to get your money back and holding these criminals to account by doing the following:

  • The first thing to do is to speak to your credit card issuer and — if they are not already aware — let them know you are a victim of fraud. Most financial institutions will have a dedicated fraud team who are specially trained to deal with these types of scams and will be able to offer you assistance.
  • Report the scam to the three major credit bureaus (Equifax, Experian and TransUnion in the UK) so that the fraudulent activity doesn’t show up on your credit report and damage your credit score.
  • Report the scam to Action Fraud, which is the UK’s national reporting centre for fraud, or the police.
  • Change all of your passwords as soon as you become aware of the fraudulent activity.

 

Summary: Credit card fraud — scams to watch out for

One of the most common credit card scams is Card Not Present Fraud (CNP). To commit CNP, scammers often use tactics like phishing, where you’re tricked into disclosing your credit card details, and skimming, where scammers use a device to steal your credit card details. Your credit card details can also be stolen over an unsecured Wi-Fi network, and you should also watch out for online shopping and charity scams, where your information is obtained by false pretences.

These scams are often incredibly sophisticated and well-organised, with teams of people involved. This means it’s not always possible to identify a credit card scam. However, there are some red flags which could indicate there might be something untoward going on. These include alerts from credit card issuers warning you of new or increased scams, suspicious activity on your credit card account and being contacted by unknown email addresses and phone numbers.

To reduce your risk of fraud, you should never click on links or download email attachments if something looks off or you don’t recognise the sender, check your credit card statements for suspicious activity and avoid answering calls from unknown numbers. If, however, you do become a victim of fraud, you should speak to your card issuer, report the scam to the authorities and change your login details.

 
