Top 8 Signs That You’re Being Phished
During the coronavirus lockdown and work-at-home revolution, phishing is a bigger risk than ever before. Phishing spawns from the dark underbelly of business communication. Anywhere there is remote communication, there is a “gap” that can be manipulated by hackers for some advantage. Even the term “Phishing” hearkens back to Phone Phreaking, a now-ancient practice of interrupting physical phone lines to intercept or send signals.
Phishing today targets professionals and individuals who rely on remote communication to do everyday tasks. AKA: Everyone. A phishing hacker lays their bait as an online message, usually an email or text, sometimes a phone call or social media message. They pretend to be someone worth talking to. They pretend to have a reason to interact with their target. Then they trick the target into doing something that hurts the target and helps the hacker.
Maybe it’s a malware infection, maybe they’re fishing for identity-theft information, maybe they’re looking to infiltrate company files. However, there are a few hallmarks of phishing that can be spotted a mile away, if you know what you’re looking for. Today, we’re highlighting the top 8 signs of (modern) phishing techniques and how to know if you’re being phished when it happens.
1) Something Breaks Your Routine
Phishers pretend to be someone you know or a service you trust, but outside of normal context. They might pretend to be a coworker who needs a quick favor (“Send me those sensitive files, would you?”) or your bank with a special security alert. Hackers rely on breaking your routine in a way that you won’t find suspicious, but they always break your routine.
Any time you get a message from an account or at a time you don’t expect, look more closely. If you get a service request or security alert, look closely. If someone you know makes an unusual request, even if it’s reasonable and believable, consider it a yellow-flag. Now check for any signs of red-flags, just in case.
2) You Feel Scared, Pressured, or Rushed
If a message makes you feel like you must urgently respond or something bad will happen, it is very likely to be a scam. Hackers try all kinds of fake emergencies, security scares, and opportunities you might miss out on. They use these tactics to motivate their targets to act quickly without thinking or checking for red-flags.
Traditional phishing tactics vary widely. Some pose as your bank or a service you use, claiming to have a problem with your account that must be resolved. This creates fear that you made a mistake and that there will be consequences. Some hacks target the business, claiming to be a boss or important client or business partner who must be appeased or there will be consequences. Hackers have even faked family emergencies.
But even a small amount of pressure (“I need this right now”) can be an orange-flag for potential phishing.
3) Clone Accounts & Reasons Not to Touch Base
Clone accounts, account dubbing, and account spoofing all describe a hacker making a new account that pretends to be someone you know. For example, a hacker may send you an email that looks like a friend’s email with their name and picture, but the screen name (SN) is one or two letters off and they won’t be in your contacts list. Another example might be someone contacting you through Facebook, claiming to be your boss on their personal device instead of logged into the work computer.
These clone account phishing styles often come with a reason not to check with the real person. “My email is broken right now,” they might say, or “I’m out of the office,” or “I’m in a meeting, so don’t call.”
This pair, a new account and a reason not to touch base, is a serious red-flag.
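The clone-account check described above (a sender that is one or two letters off and not in your contacts) can be automated. The following is an added example, not part of the original article; the contact list, sample senders, function names, and the two-typo threshold are all constructed assumptions.

```python
# Added example: flag senders that imitate a known contact (constructed data).
from email.utils import parseaddr

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]

def check_sender(from_header: str, contacts: dict[str, str], max_typos: int = 2) -> str:
    """contacts maps lowercase address -> display name.
    Returns 'known', 'lookalike-address', 'name-reuse', or 'unknown'."""
    name, addr = parseaddr(from_header)
    addr = addr.lower()
    if addr in contacts:
        return "known"
    # Address is new but within a couple of typos of a real contact.
    for known_addr in contacts:
        if edit_distance(addr, known_addr) <= max_typos:
            return "lookalike-address"
    # Familiar display name attached to an address we have never seen.
    if name and name.strip().lower() in {n.lower() for n in contacts.values()}:
        return "name-reuse"
    return "unknown"

# Constructed sample data (hypothetical names and addresses).
CONTACTS = {"dana.reyes@example.com": "Dana Reyes",
            "sam.ortiz@example.com": "Sam Ortiz"}
SAMPLES = [
    "Dana Reyes <dana.reyes@example.com>",      # genuine contact
    "Dana Reyes <dana.reyse@example.com>",      # two letters swapped
    "Sam Ortiz <sortiz.personal@example.net>",  # "personal account" claim
    "Newsletter <news@example.org>",            # unrelated stranger
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{check_sender(s, CONTACTS):18} {s}")
```

Both `lookalike-address` and `name-reuse` are results that call for confirming with the real person through a channel you already use.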
4) Prizes and Consequences
Watch out for any carrot-stick type motivation in messages you receive. Hackers use both prizes and threats all the time, often veiled behind fake customer-service positivity when using both tactics. You probably remember that any time a prize is offered, the chance of something being a scam skyrockets. In phishing, this is also true of consequences. If a message indicates that something bad will happen if you don’t respond, click, or comply, red-flag that message. Likewise for prizes and wins you didn’t sign up for.
Think about it. Normal brands don’t level threats; that’s bad customer service, even if it is motivating. And if you do see a tempting opportunity in your inbox, search it independently through Google instead of clicking any links.
5) Unrequested Account Management
Any time someone offers to manage your account before you ask for it, this is a red-flag. Modern online accounts are almost entirely self-managed. What this means is that there shouldn’t be a problem or even an interaction with your account unless you’ve recently done something and requested service.
So if you get an email or phone call about your account, this is an orange-flag, soon to be red, especially if a real person reaches out to you. Most security alerts are automated and impersonal, as are password changes and most account management. If someone calls about your balance, calls about a security issue, or sends you an unrequested offer to help with your account, do not engage. Go into your personal account management portal and assess the situation from there.
6) “Please Read Me that One-Time Code”
Never ever read a service person your one-time codes. These are sent automatically to you for automated security purposes. Customer service online or over the phone would get their own codes, if they needed them. Customer service online or over the phone will never ask for your password, your security question answers, or your emailed one-time codes.
Phishing hackers, on the other hand, really want this information. With access to your one-time codes, they can steal accounts and gain dangerous access to anything you log into. Never share your one-time codes or other security information.
7) Wrong Location
The next red-flag is the location of connection. If you have a tool or dashboard that tells you where a contact is connecting from, even just a city or state, this can instantly clue you in to a phishing attempt. Hackers are rarely in the same city as their targets, though this is becoming more common. Any time someone contacts you from a new location or a new device, be suspicious. Make the effort to confirm their identity through another channel that you are already familiar with.
8) The Uncanny Valley of Communication
Last but certainly not least, watch out for any message that gives you a weird feeling. People have instincts and recognize patterns below the conscious level. Your subconscious could very well be seeing tiny red-flags that your rational mind has yet to grasp. In today’s hacker-prolific environment, you don’t need a reason to suspect a message and get double-confirmation. It’s always better safe than sorry and, chances are, your coworkers, family, and employers won’t mind a few extra confirmations for the sake of mutual data security.
Here at BWS Technologies, we specialize in business data and network security, including defenses against social hacking targeted at your team. Contact us today for more remote cybersecurity tips and services.