Your bank sent an email warning that your account may have been compromised, and wants you to click on a link to confirm your identity. Your email provider is closing accounts and wants you to log in and confirm that you still want your account. The emails and websites look legit, but how do you know if they really are? Can you tell the difference? Are you willing to put your knowledge to the test with a quick quiz?
OpenDNS, a content management provider, recently released a phishing quiz to help people learn to spot a phish. Before we move on, click the link below and see how you do, then return to this page for some tips on how to outsmart a phish in the future. I’ll warn you though, it was a pretty tough quiz even for me.
How did you do? If you got them all right, good for you. If not, here are some red flags that can tip you off to a potential scam.
No https – Any website asking you to enter personal information should use secure https. Look in your address bar and see if the site you are visiting starts with https://. If not, it’s probably a scam.
IP Address Instead of Domain Name – You should always see a domain name, Google.com for example, not an IP address like 18.104.22.168.
Misspelled Domain Name – Spammers and phishers love to use addresses of well-known companies with common misspellings, Gooogle.com for example.
Incorrect Domain – Make sure that the site you are on is on the right domain. For example:
In both examples I bolded the actual domain. The real domain will always be between the https:// and the first forward slash /. Read this from left to right. The last domain on the right (before the first forward slash) is the real one.
Scare Tactics – Be wary anytime a site or email warns that your account is about to be closed, has been compromised, etc.
Different or Outdated Design – Again, use caution when a site looks different than it normally does. This could just be a redesign, or it could be an old version of the site that a scammer downloaded.
Low quality images – Often, a scam site will be hastily built using images that are low quality or just don’t look right.
Asking for too much information – Whenever a site asks for more information than you feel comfortable giving out, don’t be afraid to call the company directly and speak to a representative. Don’t use the “contact us” link on the potentially fake website.
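The first four red flags above (no https, an IP address instead of a domain name, a misspelled domain, an incorrect domain) can be checked mechanically. The following Python is an added example, not part of the original article; the EXPECTED_DOMAINS list, the sample URLs and the two-label shortcut for finding the real domain are assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: domains the reader really uses (constructed for this example).
EXPECTED_DOMAINS = {"google.com", "paypal.com"}

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss spellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def red_flags(url):
    """Return the article's URL red flags that apply to `url`."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    flags = []
    if parts.scheme != "https":
        flags.append("no-https")
    try:
        ipaddress.ip_address(host)
        return flags + ["ip-address-host"]
    except ValueError:
        pass  # not an IP literal, so treat it as a domain name
    # The real domain is the rightmost part of the host. Simplification:
    # take the last two labels; suffixes like .co.uk need the Public Suffix List.
    domain = ".".join(host.split(".")[-2:])
    if domain in EXPECTED_DOMAINS:
        return flags
    if any(edit_distance(domain, d) <= 2 for d in EXPECTED_DOMAINS):
        flags.append("misspelled-domain")
    elif any(d in host for d in EXPECTED_DOMAINS):
        flags.append("incorrect-domain")  # trusted name is only a subdomain
    return flags

if __name__ == "__main__":
    # Constructed sample URLs; .example and 192.0.2.0/24 are reserved for docs.
    for u in ["https://www.google.com/search", "http://192.0.2.10/login",
              "https://www.gooogle.com/", "https://paypal.com.account-check.example/login"]:
        print(u, "->", red_flags(u) or "no URL red flags")
```

An empty result only means none of these four URL checks fired; the remaining red flags in the list still have to be judged by eye.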
Now that you’ve been armed with some additional knowledge, try taking the test again.
How did you do this time? Better? Here are three more bonus tips:
Use a content filter – OpenDNS Family Shield is free and easy to set up. Not only will it protect you from objectionable material, but also from known phishing and virus distribution sites.
Don’t click on links in suspect emails – Type the company’s web address directly into the address bar.
Keep an eye on bank statements and credit reports