
Phishing - How to Recognize Fake Emails and SMS

Learn to recognize phishing - fake messages impersonating banks, courier companies, or government agencies. Practical examples and tips.

nex-IT, April 26, 2026, 3 min read

Phishing is the most common type of cyberattack. Criminals impersonate known companies - banks, couriers, government offices - to steal login data, card numbers, or infect computers. Every year, people lose millions to these scams.

How Does Phishing Work?

  1. You receive a message (email, SMS) that looks official
  2. The message triggers emotions: fear, urgency, curiosity
  3. You click a link leading to a fake website
  4. You provide data that goes to criminals

Most Common Scenarios

"Package Surcharge"

"Your shipment is waiting. Pay $1.50 to receive it: [link]"

Truth: Courier companies don't send SMS requesting payment through suspicious links.

"Blocked Bank Account"

"We detected suspicious activity. Log in to unblock: [link]"

Truth: Banks never ask you to log in through email/SMS links.

"Tax Refund"

"You're entitled to a $200 refund. Click to claim: [link]"

Truth: Tax offices don't send such messages.

"Invoice to Pay"

"Attached is an invoice for payment. [attachment .zip]"

Truth: Unexpected invoices are often malware in disguise.

How to Recognize Phishing?

1. Check the Sender

  • Hover over the sender's email address - is it from the official domain?
  • yourbank.com vs yourbank-secure.xyz - spot the difference!
  • SMS from a random number instead of the company name

2. Look for Language Errors

  • Typos, strange grammar, automatic translation
  • "Dear Customer" instead of your name
  • Mixing languages

3. Urgency and Threats

  • "You have 24 hours or your account will be deleted"
  • "Immediate action required"
  • "If you don't pay, the case goes to court"

4. Suspicious Links

  • Hover WITHOUT clicking - check where it leads
  • Shortened links (bit.ly, tinyurl) are red flags
  • HTTPS doesn't guarantee safety - scammers have it too
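
The sender-domain and link checks from points 1 and 4, as an added Python example (not part of the original article): it extracts links from a message and compares each host against an allow-list. The allow-list, the shortener list, the label names and the sample message are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumed for illustration: in practice the allow-list holds the domains
# your bank or courier really uses, taken from an official source.
OFFICIAL_DOMAINS = {"yourbank.com"}
SHORTENERS = {"bit.ly", "tinyurl.com"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def host_of(url):
    """Return the lowercase hostname of a URL, or '' if it cannot be parsed."""
    try:
        return (urlsplit(url).hostname or "").rstrip(".")
    except ValueError:
        return ""

def is_official(host):
    # Match the whole domain or a subdomain on a dot boundary, so a longer
    # name that merely ends with the same letters is not accepted.
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)

def classify_link(url):
    """Label a link; the scheme is ignored because HTTPS proves nothing."""
    host = host_of(url)
    if not host:
        return "unparseable"
    if is_official(host):
        return "official"
    if host in SHORTENERS:
        return "shortener"  # real destination is hidden
    # The brand name appears, but the domain is not one the company owns.
    if any(d.split(".")[0] in host for d in OFFICIAL_DOMAINS):
        return "lookalike"
    return "unknown"

def check_message(text):
    """Return (url, label) for every link found in a message body."""
    urls = [u.rstrip(".,;:!?)") for u in URL_RE.findall(text)]
    return [(u, classify_link(u)) for u in urls]

# Constructed sample message, modelled on the "Blocked Bank Account" scenario.
SAMPLE = ("We detected suspicious activity. Log in to unblock: "
          "https://yourbank-secure.xyz/login or https://bit.ly/abc123. "
          "Official site: https://www.yourbank.com/")

if __name__ == "__main__":
    for url, label in check_message(SAMPLE):
        print(f"{label:10} {url}")
```

A link labelled "unknown" is not safe; it only means none of these particular checks fired.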

5. Request for Sensitive Data

  • A bank NEVER asks for your password via email/SMS
  • Nobody needs your card CVV over the phone
  • Social security numbers, passwords, SMS codes - don't share!

What to Do When You Receive a Suspicious Message?

  1. Don't click any links
  2. Don't open attachments
  3. Don't reply to the message
  4. Verify by calling the official number (not the one in the message!)
  5. Report phishing to the relevant authorities or your bank

What If You Already Clicked?

You provided bank login credentials:

  1. Immediately call the bank and block the account
  2. Change banking passwords
  3. Check transaction history

You provided card details:

  1. Call the bank - cancel the card
  2. Check transactions
  3. Consider filing a police report

You downloaded an attachment:

  1. Disconnect the computer from the internet
  2. Run an antivirus scan
  3. Consider specialist help

How to Protect Yourself

  • Verify through official channels - call the bank, log in through the official website
  • Use a password manager - a different password for each service
  • Enable 2FA - additional login confirmation
  • Update software - security patches are important
  • Be suspicious - if something seems too urgent, check twice

Phone Phishing (Vishing)

Scammers call pretending to be:

  • Bank employee
  • Police officer
  • Microsoft consultant

Remember:

  • A bank NEVER asks you to install programs
  • Police don't inform you about investigations over the phone
  • Microsoft doesn't call about a "virus on your computer"

Summary

Phishing relies on emotion and haste. Always:

  • Stop and think
  • Verify through official channels
  • Don't provide data through message links

Have doubts about a received message? Contact us - we'll help assess if it's a scam.
