Phishing is such a big problem that this is the third article we’ve written about it in under three years – that's how seriously we take it and unfortunately, how effective phishing is for scammers. The reality of life now is that there are countless people out there trying to trick you into handing over your passwords or multi-factor authentication codes so they can log-in to your accounts and make your life a misery for their financial gain.
We've all seen the stories in mainstream media of people's bank accounts being drained, loans taken out by scammers without the person named on the loan knowing about it, or credit cards used on shopping sprees. These events can impact anyone, but sex workers have an extra layer of special hell a successful phishing attempt can enter them into.
If someone were to take over your online profiles, pretend to be you and take customer money via sales or deposits, that would obviously be a BAD THING for not just you, but also your customers. Your reputation would take a big hit – not only do you have to start from scratch with a new online profile, but clients would be sceptical if who they're communicating with is really you or another scammer.
For more detailed information on phishing, check out my article Phishing 101. It goes over the multitude of ways scammers lie to you, hoping you slip up and give them passwords or multi-factor authentication codes. By far the most common way to get phished is via email. Scammers love email as it costs them practically nothing to send, can be automated for mass mailouts, and can blend in very well with legitimate emails.
How to spot a phishing/scam email
Most of the time there's a little quirk in these emails that gives away it's not from a real source. Here's what to look for as a sign an email may not be from who it says it is:
Spelling and bad grammar – this is usually the fastest way to spot a fake email. If they've spelt your name or the business name wrong, or the tone and grammar in the email are off, it's probably not genuine.
Urgent calls to action or threats – sex workers are particularly susceptible to this due to the stigma around sex work. Someone might pretend to extort, shame, or out you if you don't click a link or hand over information immediately.
Unusual URLs – if you've clicked a link, double check the website you're taken to is legitimate by viewing the URL (aka web address) and checking that it matches the real web address.
Poor image quality – logos or photos stretched out or really small along with low resolution graphics that look out of place are hallmarks of a lazy scammer.
Unexpected email – If you’re normally billed for something monthly/yearly and it's not time for that payment, but the company is asking for payment now? Probably a scam.
Coupons/free gift – chances are your bank or Walmart or Bunnings aren't giving away free stuff at random, you're not that lucky!
These are just the most common tells of a scam email. For more information on how to identify scam emails, the following resources are worth checking out:
What to do if you receive a scam email
It’s healthy to be sceptical when it comes to phishing emails as there’s a high chance the email you’re suspicious of is a scam. If you’ve done your due diligence and you’re still uncertain about a particular email, contact the business or person directly and ask about it. Do not use the contact details in the suspicious email – that could be part of the scammer's plan. Instead, find the real contact details and talk to them directly.
If you do end up clicking through or handing over personal details only to find out shortly after it was a scammer, don't panic! Shit happens, let's just deal with it. This guide from the Australian Signals Directorate's Australian Cyber Security Centre on what to do if you've been hacked or scammed is a valuable resource.
Phishing is only one piece of the puzzle
Even while keeping this information in mind, every now and then an email comes in that is a fake but doesn't do any of the above, and you get sucked in. Even the most cautious of cybersecurity experts will admit they've seen a phishing email that tricked them!
I say this in almost every article I write here, but you also need to keep your online security tight by doing the following:
- Strong, unique passwords & use a password manager
- Enable multi-factor authentication everywhere
- Secure your email and use unique email addresses for each service
That way, even if you do succumb to a phishing attempt, the scammer will have a hard time and won't be able to use the same information they stole on your other online accounts!
Got a tech question for Ada? She wants to hear from you!
Ada answers all your questions about tech, the online world, and staying safe in it. No question is too silly, no hypothetical is too far-fetched! Learn to leverage devices, systems, and platforms to your benefit.