Another trick phishing scams use is misleading domain names. Most users aren't familiar with the DNS naming structure, and therefore are fooled when they see what looks like a legitimate company name within a URL. Standard DNS naming convention is Child Domain dot Full Domain dot com; for example, info.LegitExampleCorp.com. A link to that site would go to the "Information" page of the Legitimate Example Corporation's web site.
A phishing scam's misleading domain name, however, is structured differently: it incorporates the legitimate business name, but places it before the actual, malicious domain to which the target is directed. For instance, Name of Legit Domain dot Actual Dangerous Domain dot com: LegitExampleCorp.com.MaliciousDomain.com.
To an average user, simply seeing the legitimate business name anywhere in the URL would reassure them that it was safe to click through. Spoiler alert: it's not.
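The check a mail filter or a cautious reader can apply, as an added example (not from the original article): compare the registrable domain at the right-hand end of the hostname against the brand's real domain, and treat the brand name anywhere else in the URL as decoration. The function names, the sample URLs and the tiny suffix set are assumptions; production code should load the full Public Suffix List.

```python
from urllib.parse import urlsplit

# Constructed, deliberately tiny suffix set (assumption, keeps the example
# offline). Real tooling should use the full Public Suffix List.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "com.sg"}


def registrable_domain(host):
    """Return the part of the hostname its owner registered, e.g. example.com."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def check_link(url, brand_domains):
    """Classify a link as 'brand', 'lookalike' or 'unrelated'."""
    if "://" not in url:
        url = "//" + url  # let urlsplit parse scheme-less links
    host = urlsplit(url).hostname or ""
    reg = registrable_domain(host)
    brands = {b.lower() for b in brand_domains}
    if reg in brands:
        verdict = "brand"
    else:
        # The brand name appears in the URL, but the registrable domain
        # belongs to someone else: the pattern described above.
        names = {b.split(".")[0] for b in brands}
        hit = any(n in url.lower() for n in names)
        verdict = "lookalike" if hit else "unrelated"
    return {"host": host, "registrable": reg, "verdict": verdict}


if __name__ == "__main__":
    BRANDS = {"LegitExampleCorp.com"}
    SAMPLE_LINKS = [  # constructed sample URLs
        "https://info.LegitExampleCorp.com/",
        "http://LegitExampleCorp.com.MaliciousDomain.com/login",
        "https://legitexamplecorp.com.some-host.co.uk/",
        "https://www.example.org/news",
    ]
    for link in SAMPLE_LINKS:
        print(link, "->", check_link(link, BRANDS))
```
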
4. Poor spelling and/or grammar
It's highly unlikely that a corporate communications department would send messages to its customer base without going through at least a few rounds of spelling and grammar checks, editing and proofreading. If the email you receive is riddled with these errors, it's a scam.
You should also be skeptical of generic greetings like, "Dear Customer" or "Dear Member." These should both raise a red flag because most companies would use your name in their email greetings.
5. Are you threatening me?
"Urgent action required!" "Your account will be closed!" "Your account has been compromised!" These intimidation tactics are becoming more common than the promise of "instant riches"; they take advantage of your anxiety and concern to get you to provide your personal information. Don't hesitate to call your bank or financial institution to confirm if something just doesn't seem right.
And scammers aren't just using banks, credit cards and email providers as cover for their scams; many are using the threat of action from government agencies like the IRS and the FBI to scare unwitting targets into giving up the goods. Here's the thing: government agencies, especially, do not use email as their initial means of communication.
Phishing scams continue to evolve
This is by no means a comprehensive list. Phishing scammers are constantly evolving, and their methods are becoming more cunning and difficult to trace. New tactics include a frighteningly effective Gmail attack, end-of-the-year healthcare open enrollment scams, low-priced Amazon bargains, and tax-season attempts.