Defend your funds against phishing: essential tips to identify fake emails and texts

Phishing as a cyber-attack method has a relatively high success rate; with scammers deceiving both individuals and organizations into giving up their private and valuable data. Here, we offer critical insights to help you recognize and combat these attacks, enhancing your protection against cyber threats.ย 

How to defend yourself against phishing: spotting fake emails and texts

More topics

4ff1bdd7efde92e0a6fe8697b90018b1?s=48&d=mm&r=g

Payoneer Team

What is phishing?

Phishing is a cyber-attack method that has a relatively high success rate; with scammers deceiving both individuals and organizations into giving up their private and valuable data. 

Both email phishing and SMS phishing (smishing) have become more prevalent in recent years, posing significant threats that technology alone cannot mitigateโ€”in fact, recent research from security firm Egress found that 94% of organizations have been victims of phishing attacks

Individuals and companies must be aware of the tactics cybercriminals use so they can protect themselves from this insidious threat. Unfortunately, a purely technological approach is not enough: it takes just a single click on a malicious link or a download of an infected attachment for the attack to begin.  

This is why it is essential to be aware of the tricks of the phishers’ trade.  

Here, we offer critical insights to help you recognize and combat these attacks, enhancing your protection against cyber threats. 

Key phishing statistics

  • Email and SMS phishing are the primary methods for delivering phishing attacks.
  • A 2024 Cofense study found that 90% of cyber-breaches start with an email phishing message.
  • The same study found a 104% increase in email phishing that bypasses technology defenses.
  • Proofpointโ€™s 2024 State of the Phish report found that 75% of businesses were victims of SMS phishing (or smishing).

Spotting phishing tactics

Phishing relies on human behavior manipulation. Recognizing these tactics can help you identify phishing attempts. Here are some tips on what to look out for.

Who is the message from?

  • Email phishing: Check the sender’s email address. Legitimate organizations use their own domain for email addresses, so watch out for public domains, like gmail.com. However, be careful of fake email addresses that look correct but are subtly different. Cybercriminals register similar domains to well-known brands. For example, the domain may be changed to resemble a real company, โ€œsupport@pay0ner.com.โ€
  • SMS phishing: Scammers try to mask their phone number using various tactics. One example are systems that only display the last four digits of a senderโ€™s phone number. If you notice an unusual or masked phone number, be cautious.
  • Calls: Number spoofing is used by cybercriminals to falsify caller ID information to make it appear as if the call is coming from a legitimate company. However, many network providers are now putting in measures to clamp down on this practice. 
  • Email phishing: Malicious links in phishing emails and SMS text messages lead to spoof websites. Try hovering over the link to reveal the true destination. The link address will be displayed by your email client. Check the address, does it make sense? Does the web address match the company domain? Be careful not to click on the link
  • SMS phishing: It’s more difficult to check SMS text links: you canโ€™t simply hover over the link to reveal the address. Even if the link looks legitimate, it may be a โ€œnested and shortenedโ€ link, that redirects you to another illegitimate website. In the case of smishing links, the watchword is caution

Suspicious attachments

  • Infected email attachments pose the biggest phishing risk to a business. If you receive an email with an attachment and you arenโ€™t sure where that email is from, donโ€™t open the attachment. Use the rules here to double check the email before opening any attachment.ย 

It’s just too good to be true

  • Email and SMS texts that offer gifts and โ€˜too good to be trueโ€™ offers may be phishing. Attackers prey on a sense of FOMO (fear of missing out). The email or SMS may contain a sense of urgency or a deadline. If it feels too good to be true, itโ€™s probably best to be cautious.  

Personalization

  • Check for personalization of email or SMS messages. Cybercriminals often use automated software to send out thousands of phishing emails at once. Make sure the email or SMS uses your name in the salutation.  
  • However, there is a caveat. Some phishing emails and SMS texts are highly targeted. In this case, the phishing email or SMS will be personalized, using your name. 

Grammar and spelling

  • Poorly written emails or texts may indicate phishing. However, some cybercriminals use AI tools to create convincing messages.

QR Code Vigilance

  • QR Codes are increasingly used to trick people into clicking malicious links. A US energy company found 29% of over 1000 emails contained a malicious QR code. Carefully check the web address displayed when you take a photo of the QR code. Use the rules above on fake domains.ย ย 

What to do if you spot a suspicious email or text message

If you think you may have clicked a link or downloaded a suspicious attachment and your Payoneer account might be compromised, donโ€™t wait; get it touch with us right away. 

Thanks!

Please continue to Registration.

Open account

Thanks!

Please continue to Registration.

Open account