Phishing (a variant of the English word “fishing”) is a type of scam carried out over the internet via email that aims to get the victim to hand over personal or financial data by pretending that the email comes from entities such as banks, couriers, streaming platforms or online shops. Phishing emails contain links that, if clicked, expose the victim to downloading a virus or to delivering sensitive data, such as usernames and passwords, banking and personal data, straight into the hands of the scammer. Some phishing emails are very convincing, but they contain details that help us identify them so we don't fall for them. Here's how this cyber attack works, how to recognize it, and what to do if we happen to take the bait.
- 1. How a phishing attack happens: the mechanism behind it
- 1.1 Other examples of phishing
- 1.2 Why is the phishing scam called that?
- 2. How to recognize and prevent scams
- 2.1 Urgency and convenience
- 2.2 E-mail address
- 2.3 The link and the logos
- 2.4 Spelling errors
- 2.5 Contacts and privacy
- 2.6 Personal information
- 3. Why this scam is effective
- 4. How to fix it if you fall for phishing
- 5. Defenses against phishing
How a phishing attack happens: the mechanism behind it
To understand the mechanism, let's take the example of an email that pretends to come from the well-known streaming platform Netflix. The sender of this email shows “Netflix” as its name; it displays both the logo and the lettering we know, it tells the recipient that their subscription has expired, and it offers to extend it free for 90 days by entering card details as a guarantee, without any amount being charged.
Clicking the phishing link “Extend for free” opens a web page that looks like Netflix's, but only in appearance. This is website spoofing: a fake site created by the scammer to imitate the real one, often by placing an image captured from the real site as the background and simply adding a form where data can be entered. That data will not be used to pay for the subscription; it will be delivered directly into the hands of the scammer.
Even just clicking the links in phishing emails can be dangerous, because they may trigger the download of a virus that invades our computer and allows the scammer to steal the sensitive data it contains.
Other examples of phishing
There are dozens and dozens of examples of phishing emails. One of the most common is probably the fake package waiting for delivery, which asks us to enter our data in order to receive it. In this case the scammer pretends to be a well-known courier company.
Emails like this are quite suspicious: poor graphics, often written in several languages. With a little attention we can understand that they are scams.
Others are obviously false, such as emails announcing that we have won prizes in competitions we never entered.
Why is the phishing scam called that?
Phishing is a variant of the English “fishing”. It's no coincidence: the scammer fishes for the victims' sensitive data by making them take the bait, i.e. fake emails like the ones just seen.
It can also happen via text message (smishing) or voice call (vishing), but the mechanism is a little more complex.
How to recognize and prevent scams
So how are these emails made, and how do we recognize them?
Urgency and convenience
For one thing, these emails almost always rely on urgency or on convenience. But no one gives away money and goods, and phrases like “URGENT, ATTENTION!!” are formulas used precisely to make us panic and stop us noticing details that would immediately reveal the scam.
E-mail address
The sender address of these emails is often rambling, or hidden, that is, not visible. Sometimes, however, it is very similar to the official one, with minimal differences. So if possible, it should be compared with the official address of the company that is supposedly writing to us.
However, we have other clues that help us.
The link and the logos
The link we are sent to is also often strange, different from that of the official site. Or the logo: it looks like the real one but it is counterfeit, perhaps squashed or with some slightly different details.
Spelling errors
Phishing emails always contain some spelling errors, even if small. This is because the emails are often generated automatically by software that translates them into multiple languages, so they can be sent to users of different nationalities. These programs often have difficulty recognizing special characters such as accents, and the translation of some parts is missing, resulting in several languages being used in the same email.
Sometimes the email doesn't even contain actual text, but just one huge image which, if clicked, takes us to the spoofed site or downloads a virus.
Contacts and privacy
Official emails always include contacts and a privacy notice at the bottom of the text, because if we have doubts we need to know whom we can contact. In phishing cases, both are either absent or report completely invented and implausible data.
Personal information
Official emails mention our name in the text: whoever is contacting us knows who they are writing to. In phishing emails, instead, it is not always present, and when it is, it is often implausible.
This is especially true for banks: official emails ALWAYS contain our name and our branch, and account access data or credit card PINs are NEVER requested by email or text message, only via the bank's official app or platform. If an email or text message seems real and worries us, the right thing to do is to call the bank's customer service on the number found on the official website.
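The clues listed above (a sender whose domain does not match the brand in its display name, a link whose visible text points somewhere other than its real destination, urgency language, and a generic greeting instead of the recipient's name) can be turned into a small automated check. The script below is an added example, not part of the original article; the two messages it scores are constructed samples, and all domains in them (`account-renewal.example`, `netflix.example`, `netflix-renew.example`) are placeholders.

```python
"""Heuristic phishing indicator check on a raw email (added example, not from the article).

Scores a message on the clues the article lists. Sample messages and all
domains below are constructed placeholders, not real infrastructure.
"""
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

URGENCY_WORDS = ("urgent", "immediately", "attention", "suspended", "expired", "within 24 hours")
GENERIC_GREETINGS = ("dear customer", "dear user", "dear member")


class _LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs from <a> elements in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host):
    """Crude brand domain: last two labels (www.netflix.example -> netflix.example)."""
    labels = host.lower().split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def analyze(raw_message):
    """Return a list of human-readable phishing indicators found in the message."""
    msg = message_from_string(raw_message)
    display_name, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    indicators = []

    # Clue 1: the display name claims a brand that is absent from the sender's domain.
    brand = display_name.lower().split()[0] if display_name else ""
    if brand and brand not in sender_domain:
        indicators.append(f"display name '{display_name}' does not match sender domain '{sender_domain}'")

    body = msg.get_payload(decode=True).decode("utf-8", "replace")
    collector = _LinkCollector()
    collector.feed(body)

    # Clue 2: the visible link text shows one domain while the href leads to another,
    # or the link does not belong to the claimed brand at all.
    for href, text in collector.links:
        href_host = (urlparse(href).hostname or "").lower()
        m = re.match(r"^(?:https?://)?([\w.-]+\.[a-z]{2,})", text, re.I)
        text_host = m.group(1).lower() if m else ""
        if text_host and registrable_domain(text_host) != registrable_domain(href_host):
            indicators.append(f"link text '{text}' hides href host '{href_host}'")
        elif brand and brand not in href_host:
            indicators.append(f"link to '{href_host}' does not belong to claimed brand '{brand}'")

    # Clue 3: urgency language in subject or body.
    lowered = (msg.get("Subject", "") + "\n" + body).lower()
    hits = [w for w in URGENCY_WORDS if w in lowered]
    if hits:
        indicators.append("urgency language: " + ", ".join(hits))

    # Clue 4: a generic greeting instead of the recipient's name.
    if any(g in lowered for g in GENERIC_GREETINGS):
        indicators.append("generic greeting instead of recipient name")
    return indicators


# Constructed sample: a "Netflix" renewal lure of the kind described in the article.
PHISHING_SAMPLE = """\
From: Netflix <billing@account-renewal.example>
To: someone@example.com
Subject: URGENT: your subscription has expired
Content-Type: text/html; charset=utf-8

<html><body>
<p>Dear customer,</p>
<p>Your subscription has expired. Extend it for free within 24 hours:</p>
<p><a href="http://netflix-renew.example/login">https://www.netflix.example/account</a></p>
</body></html>
"""

# Constructed sample: a plausible legitimate message from the same (placeholder) brand.
LEGIT_SAMPLE = """\
From: Netflix <info@netflix.example>
To: someone@example.com
Subject: Your monthly statement
Content-Type: text/html; charset=utf-8

<html><body>
<p>Hello Maria,</p>
<p>Your statement for this month is available in your account:</p>
<p><a href="https://www.netflix.example/account">Go to my account</a></p>
</body></html>
"""

if __name__ == "__main__":
    for name, sample in (("phishing", PHISHING_SAMPLE), ("legit", LEGIT_SAMPLE)):
        print(name, analyze(sample))
```

The check is deliberately heuristic: a single hit (say, a marketing mail with "expired" in it) is not proof of anything, while several hits together reproduce the reasoning a careful reader applies by hand. Comparing the registrable domain of the link text with that of the real href catches the most common trick, a familiar-looking URL displayed over a link that goes somewhere else.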
Why this scam is effective
But how does the scammer know that the recipient's Netflix subscription has expired, or that they are waiting for a package, or that they are a customer of the bank being “imitated”? The truth is, he doesn't!
These emails are sent to millions and millions of people: among all the recipients, there will surely be someone who is a customer of that bank, subscribed to Netflix, or waiting for a package. We shop online all the time.
Furthermore, unfortunately you don't need to be a professional hacker to create a fake website, and a single person is enough to do it. The mechanism is not complex; it is precisely its simplicity that makes it so common.
How to fix it if you fall for phishing
However, anyone can fall for it. What to do in that case?
If we realize it immediately, we block the card right away. This can be done via the bank's app or by calling support.
If, however, we realize it only when money has already been taken, we can file a request for “disavowal” with the bank, that is, we declare that the bank transaction with which the fraudster is robbing us was not carried out by us. If the bank recognizes the scam, it may return the money to us.
In any case, a complaint must be filed with the police (the Postal Police), who can then start investigations.
We can also report scam emails to AGCOM (the Communications Guarantee Authority) and to the GPDP (the Guarantor for the Protection of Personal Data).
Defenses against phishing
Two excellent prevention strategies are:
- different passwords on different sites, so that if one password is stolen it cannot be used to access all our accounts;
- enabling bank app notifications for each transaction, so that if money is stolen from us we notice it and can intervene.