How to identify and avoid phishing scams: A guide for safe online transactions

Toluwani Omotesho


We’re days away from the second most wonderful time of the year — Black Friday. But as we take advantage of the many discounts to finally clear our carts, we should be careful not to fall victim to phishing websites that can steal your card or bank details to make unauthorized transactions.

This post tells you everything you need to know about phishing and how to recognize and prevent these scams.

What is Phishing?

Phishing scams are one of the most popular forms of cyberattack where a scammer disguises as a credible site, person, or organization to access your device, personal information, or banking details. The stolen information can be used to commit fraudulent activities, including unauthorized purchases.

There are different types of phishing scams, each with different goals. These include:

1. Email Phishing:

These types of emails impersonate banks, loan providers, or e-commerce websites. If you pay attention, you’ll notice that these emails come from unofficial email addresses or the domain name of the organization it claims to be from is misspelled, for instance,

Some easy pointers to recognize a phishing mail are:

  • They usually contain spelling or grammatical errors.
  • They ask you to click on links or open suspicious attachments.
  • They use generic greetings like “Good day” or “Dear customer” instead of your first name.
  • They ask for sensitive information like passwords, full name, or card information.
  • They cause unnecessary panic or fear. For instance, emails with subject lines like: “Urgent: Your account has been compromised!”

It’s best to delete these emails and block the senders or install antivirus software to scan your emails and attachments first to ensure no malicious activity.

2. Spear phishing

The targets in spear phishing are targeted towards a specific person, business, or organization, and they are typically more successful because the scammers take time to study said targets. Spear phishing emails or messages are more personalized and are designed to be more convincing. They are also often well-crafted to make it appear more legitimate.

An example of this is an employee getting a mail appearing to come from the company’s CEO asking for a password change or to open an attachment, which eventually leads to a data breach with the company’s information stolen.

Here’s how you can prevent a spear phishing attack:

  • Double-check the sender’s name and email address
  • Check the email’s format to ensure it is similar to previous ones you’ve received
  • When the information being requested over mail is too sensitive, make a phone call to confirm
  • Scan the attachment to make sure it’s free from viruses or harmful codes

3. Whaling:

This is also known as CEO fraud, as it targets and tricks CEOs, CFOs, and COOs into providing sensitive corporate data or authorizing fraudulent transactions. Whaling scams are more complex as the scammers spend months combing through the social media profiles, company websites, and news articles of the targets to create personalized emails and messages that appear legitimate.

Some ways to prevent these types of attacks are:

  • Cybersecurity awareness and training for upper management
  • Installing anti-phishing software to flag emails from outside your organization
  • Use of multi-factor authentication (MFA)
  • Double-check requests for sensitive information or financial transactions

4. Pop-up Phishing:

This type of phishing is also known as clickjacking, and it usually tricks users into installing different types of malware or convinces them to buy fake antivirus software. This is effective because phishers use malicious codes to make these pop-ups appear on legitimate websites.

You can protect yourself from this type of phishing attack in the following ways:

  • Ensure your software and browser are up to date
  • Use a pop-up blocker
  • Don’t click on random pop-ups

Other common ways to protect yourself from phishing attacks include:

  • Never send sensitive information through emails or calls.
  • Use spam filters to get rid of spam and phishing emails.
  • Install security software like Norton 360 and firewalls.
  • Don’t share your information or download files from unsecured websites; secured sites usually start with “https” and have a closed padlock icon next to the URL.

Wrapping up

With over 500k users, we prioritize ensuring your data and funds are completely safe with us; you should also take extra precaution by ignoring links and or any form of communication outside of Grey's official channels. And with the Black Friday sales just around the corner, creating your Grey virtual card offers you access to international store discounts and the peace of mind of secure transactions.

Back to top