2 Tips to Avoid Being a Phishing Scam Victim
The "phishing" tactic is one of the ways a scammer steals your private and sensitive information -- especially your banking credentials. The way "phishing" works is that scammers will develop a fake website that usually looks exactly the same as an official website; and when you enter your credentials (such as passwords, credit card numbers, etc.), the information will be sent directly to the scammers. At the time of writing this article, "phishing" cases are not as frequently heard as before, possibly due to the fact that many online services has implemented stronger security measures such as the 2FA (two-factor authentication). However, scammers employing the "phishing" tactic are still very much at large. So, it is important for us as users to be vigilant and learned on ways to identify "phishing" attempts so that we do not fall victim to it.
Usually scammers will start by sending a message via e-mail or SMS (or any other communication medium for that matter) telling us to click on a link. The ruse in the message will be something that can make unsuspecting users feel obliged to follow the link: something like to secure your account by changing your password, or to fill up a form to receive certain rewards.
So, how can we identify messages with links that are actually a "phishing" attempt? Here are 2 simple tips to follow.
(1) If the website that you opened via that link behaves in an unnatural and unprofessional manner, there's a high possibility that the website is a fake one. Look at the layout and design of the website. If the font used are different than what is usually seen in the official website, or the arrangement of items are different, or the logo is different, then raise a red flag. Also, if the website forces you to download something (like a file is autoamtically downloaded without asking for your permission first), be wary. You can also try to click on the links to the other pages in the website to see if they work. Sometimes "phishing" website has only the one page working; they don't have the time and resources to copy the entire content from the official website.
(2) The most important tip: take note of the website's address (URL). The image below, taken from Maybank's official website, shows an example of a URL for a website used for "phishing" Maybank's customers. Be very vigilant and detailed; the URL is the biggest giveaway that a website is a "phishing" site.
Below is a list of examples of what the URL of a "phishing" website may look like when compared with the official website:
Official URL: maybank2u.com.my URL of fake websites: maybank2umy.com campaignmay2u.com maybank2uu.com
Be smart, be informed, and be very careful. Scammers are very cunning and creative. Usually when doing "phishing", the URL and website looks very much like the real one! Be a smart user and don't fall victim to "phishing" scammers.