6 ways to spot a phishing attempt

By Amber Group 07/18/2023, 5 min read time

Phishing refers to fraudulent emails, text messages, phone calls, or websites designed to trick users into revealing sensitive personal information such as credit card details, passwords, bank account numbers, or login credentials. Scammers “fish” for information from users; the “ph” in place of the “f” comes from the fact that some of the earliest hackers were known as phreaks, where phreaking refers to the exploration, experimentation, and study of telecommunication systems.

 

 

Source: CNBC



Common phishing calls to action


Scammers usually send emails, text messages, or make phone calls to prompt users to perform specific tasks, such as:

  • Click or download content
    You may be asked to click on links or download attachments that install malware.

  • Provide sensitive information
    You may be asked to share sensitive information through channels including, but not limited to, phone calls, emails, Telegram, or SMS.

  • Authorize a payment
    You may be asked to authorize a transaction or some other action, possibly under time pressure or threat.

  • Purchase something on behalf of someone else
    Your boss is suddenly asking you to purchase gift cards for her/him by clicking on a given link or providing the credit card number.

  • Use a USB stick of unknown origin
    Sometimes phishing attacks come from USB sticks found in public places that may contain malware.

  • Any other action to provide personal information
    Any other action that exposes you or your personal information.




Common channels and platforms used for phishing*

  • Email

  • SMS

  • Phone calls 

  • Social media, e.g., Twitter, Facebook, etc.

  • Community platforms, e.g., Telegram, Discord, etc.

  • AI deepfake voice or video

 

* including but not limited to




Common red flags 

  • Suspicious links
    The message contains a link or an attachment that has a weird name, or perhaps you don’t trust the sender.

    Solution
    1) Do not click
    2) Hover over the link to preview its destination without clicking
    3) Check whether it leads to malware or other harmful software by copying the link and pasting it into the URL bar of Google Transparency Report (or any other reliable third-party tool), then running the report. When copying and pasting the link, be careful not to click on it.
    4) Make sure the website is an “https” address. Read more here.

 

  • Sense of urgency/threats
    “Urgent”, “Last call”, or “Final Notice”: this is a red flag as the scammer may not want you to verify the legitimacy of the request. Also, scammers may purposefully try to make you panic or feel under stress to exploit your emotional state.

    Solution
    Try to calm down and think rationally: is the request reasonable? Why is it that urgent? Can you ask someone else around you before you take action? 

 

  • First-time senders
    Never seen that email address before but they are asking for something? You should investigate further. Oftentimes, requests may come at a later stage, i.e., after a few emails as more trust with the stranger is built.

    Solution
    1) Use Google or other websites such as hunter.io to verify whether the email domain in question belongs to a given company. For example, if you receive an email from an alleged Amber Group employee such as [email protected], be sure it is not us since we would be [email protected].
    2) Always make sure that more than one relevant person has been informed and that you don’t act on your own.

  • Spelling mistakes
    If the grammar is bumpy and the text is sloppy and if it feels like it was written in a hurry but you don’t know the sender, then be cautious – it may be a phishing attempt.

    Solution
    Ask and inquire further, or simply ignore the email if you are sure it is not relevant to you. 

 

  • Appealing to your emotions
    Scammers may be aware of your own emotional vulnerabilities and may try to exploit them to get you to open up and share personal information.

    Solution
    When it comes to sensitive information and data, or sending money to non-trusted accounts, you should try not to let emotions get in the way. Ask more questions and ask yourself whether you would do the same if you didn’t feel that way, e.g., guilty, worried, sympathetic towards a stranger. 

 

  • General greetings
    The message is sent to your personal email address or phone number, but the sender does not address you personally.

    Solution
    Inquire further. Who is the sender, what are they requesting, and does the email look suspicious? Ask around and probe the suspected scammer.
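
Several of the red flags above (first-time senders, urgent wording, general greetings, suspicious links) can be checked mechanically before a message reaches a person. The following is an added example, not Amber Group's code; the domains `corp.example` and `c0rp.example`, the keyword lists, and the sample message are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumed for illustration: the organization's real domain and short keyword lists.
TRUSTED_DOMAINS = {"corp.example"}
URGENCY = ("urgent", "last call", "final notice")
GENERIC_GREETINGS = ("dear customer", "dear user", "dear sir")
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)


def red_flags(raw_email, known_senders=frozenset()):
    """List the red flags found in one single-part plain-text message."""
    msg = message_from_string(raw_email)
    addr = parseaddr(msg.get("From", ""))[1].lower()
    domain = addr.rpartition("@")[2]
    body = msg.get_payload()
    text = (msg.get("Subject", "") + "\n" + body).lower()
    flags = []
    if domain not in TRUSTED_DOMAINS:
        flags.append("sender domain not trusted: " + domain)
    if addr not in known_senders:
        flags.append("first-time sender")
    if any(phrase in text for phrase in URGENCY):
        flags.append("urgent or threatening wording")
    if body.lstrip().lower().startswith(GENERIC_GREETINGS):
        flags.append("generic greeting")
    for url in URL_RE.findall(body):
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        if parts.scheme.lower() != "https":
            flags.append("link is not https: " + host)
        # HTTPS alone does not prove legitimacy, so check the host as well.
        if not any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS):
            flags.append("link host outside trusted domains: " + host)
    return flags

# Constructed sample: a lookalike domain ("0" in place of "o").
SAMPLE = """From: IT Support <helpdesk@c0rp.example>
Subject: Final Notice: mailbox suspended

Dear user,
Your mailbox will be closed today. Confirm your password at
http://login.c0rp.example/verify now.
"""

if __name__ == "__main__":
    print("\n".join(red_flags(SAMPLE)))
```

A message that raises several flags at once, as the sample does, is a candidate for quarantine or manual review rather than delivery.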


Conclusion


Phishing attacks often exploit social engineering techniques to articulate requests in a way that sounds more natural and less suspicious. To sum it all up, when you receive a suspicious request, make sure you check the following:

  • WHO: Is it a stranger, an acquaintance, or a close friend? This can help you narrow down the elements to analyze to discern a threat from a regular request. 

  • WHAT: What are they asking for? Is it suspicious or illegal? Transferring money is usually the end goal, but phishing attackers may need just a password or a code to be able to siphon money off your account. 

  • WHY: Why is it urgent? Most of the time, scammers are leveraging the sense of urgency or threat to force you to act against your interest. 

  • HOW: Are you calm and rational? Check in with how you are feeling. If you feel anxious, try to calm down and avoid rushing decisions.

  • VERIFY: Verify the request. Never follow up on the request on your own – ask a relevant person with knowledge of the matter, check via phone or on Telegram, and follow protocols if in place.

  • ACT: Take screenshots of the conversation with the scammer and of the SMS or emails received, and, if possible, record any phone conversations you have or save the incoming call record. Evidence will be needed in order to take legal action.

 

Should you have doubts or have experienced any phishing attempt by an alleged Amber employee, please do not hesitate to report it to us via email at [email protected] or by contacting your Relationship Manager.