How to Spot Phishing Scams: 4 Tips to Stay Safe

What is Phishing?

“the fraudulent practice of sending emails or other messages purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.” – Oxford Dictionary

Phishing scams are normally carried out through email. When the message arrives by text message it is called Smishing, short for SMS Phishing, and when it comes by telephone it is called Vishing, for voice phishing.

Phishing Scams

These are the emails that try to trick you into giving up your personal information, like login credentials, credit card numbers or bank account information. They usually come in the form of a message from a trusted service, like your bank or another service you might use, or a warning about a problem with your computer. Either way, they are all tricks. Let’s get into them.

Let’s say you get an email with the following message in it:

First reaction, you would panic, right?! You need access to your money – and this was probably sent Saturday afternoon, right after the banks closed for the weekend – what are you going to do?

1. Stop, Pause and Think

Well, before we click on that button, let’s remember the 4 P’s of Fraud and take a pause.

They are Pretending to be from TD Bank, they introduce a Problem with your account, they Pressure you to act immediately and validate your account, and you will Pay if you click that link.

The 4 P’s will help you before you click on any links or buttons in the email. Stop and think of the 4 P’s for every email you get, especially if you want to react immediately.

2. What Other Clues Do We Have?

Once you have paused for a minute, start taking a look around.

Who Sent It?

Take a look at the four samples below. The From field can show just the sender’s name or the email address, or both. You need to pay attention here.

[Images: four sample From fields, labelled a) to d)]

Look at the first line in each example; these are all ways the sender can be shown in your email viewer. Looking at a), it just shows TD Canada Trust, with no actual email address. If you mouse over that field, it will show you the email address it was really sent from.

Looking at b), here we see TD Canada Trust with an email address in brackets. This is the real email address it was sent from. Think TD would email you from a gmail.com account?

Looking at c), this one shows [email protected] in the From field, followed by that gmail account again in brackets. Here they are trying to trick you by putting a real email address in the name part of the From field.

Now, for d), this one just shows the email address, but it is actually the name portion that is displaying. Mousing over the From field will display its real email address.
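The same check your mouse-over does, run on the raw From header, as an added example that is not part of the original article. The brand table, warning codes and sample addresses are assumptions constructed for illustration; td.com is taken from the bank URL quoted later on this page. Views a) and b) are two renderings of the first sample header, c) and d) of the second.

```python
import re
from email.utils import parseaddr

# Assumption: brand keyword -> domains that brand really sends from.
# td.com comes from the bank URL on this page; extend for other senders.
BRANDS = {"td": {"td.com"}}
ADDR_IN_NAME = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")


def domain_matches(domain, allowed):
    """True if domain equals an allowed domain or is a subdomain of one."""
    return any(domain == a or domain.endswith("." + a) for a in allowed)


def check_from(header):
    """Return warning codes for one raw From header value."""
    name, addr = parseaddr(header)
    domain = addr.rpartition("@")[2].lower()
    warnings = []

    # Cases c) and d): the display name is itself an email address that
    # differs from the address the message was really sent from.
    shown = ADDR_IN_NAME.search(name)
    if shown and shown.group(0).lower() != addr.lower():
        warnings.append("name-contains-other-address")

    # Cases a) and b): the name (or an address embedded in it) claims a
    # brand, but the real sending domain does not belong to that brand.
    words = set(re.findall(r"[a-z0-9]+", name.lower()))
    for keyword, allowed in BRANDS.items():
        if keyword in words and not domain_matches(domain, allowed):
            warnings.append("brand-domain-mismatch:" + keyword)
    return warnings


# Constructed sample headers (addresses are made up for illustration).
SAMPLES = {
    "a/b": "TD Canada Trust <acct.notice.example@gmail.com>",
    "c/d": '"notice@td.com" <acct.notice.example@gmail.com>',
    "ok": "TD Canada Trust <notice@td.com>",
}

if __name__ == "__main__":
    for label, header in SAMPLES.items():
        print(label, check_from(header) or "no warnings")
```

An empty result only means the name and the address agree. The address itself can still be forged, which is what the SPF, DKIM and DMARC results in the message headers are for.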

Easy To Be Fooled Isn’t It?

As you can see, it is tricky how they manipulate the system, isn’t it? You probably won’t think twice about a) and d), since both look legit at first glance. You might be able to catch the others, and with a little practice you will.

Email clients have been training us wrong all these years. If you look at your inbox now, with all the emails you have received, you probably only see the names listed.


So the first thing you see is an email from TD Canada Trust in your inbox, with one of those big red exclamation points beside the subject indicating that something is wrong and you need to take a look immediately. Right off the bat, you are on guard and ready to resolve whatever the issue might be.

3. Where Do the Links Take You?

Next, check the body of the email: hover over any links or buttons. You should see a pop-up showing you where each one is going to take you.

Now, that doesn’t look like the site you normally go to, right? Well, let’s just peek behind the curtain of that site and see what would have happened if you did click on it.

It takes you to a site that looks just like TD Bank’s Login page. An exact replica! Look at the address bar: that isn’t TD.

This is a fake landing page. They do a masterful job of mimicking the real sites. You can even use all the other links, and they take you to the right place on the real site, but the Username or Access Card and Password fields don’t go to TD Bank. You enter your details and press Enter or click the Submit button. You get a message that the login failed. In the meantime, you are redirected to the real TD Bank website and get the exact same login page again. This time you can log in just fine.

The Scammers Have What They Wanted

When you logged in via the scammers’ fake site, you handed your bank login details over to the bad guys. The site then refreshed, and you ended up on the real site; a real switcheroo just happened right before your eyes. You might think at this point that something smells fishy (phishy), but you look up at the address bar and you see https://authentication.td.com/, the real site. And you might think you were being overcautious for no reason.

The Best Course Of Action

  1. Think of the 4 P’s.
  2. Always verify who the sender is.
  3. Never click on links or buttons in emails without first pausing and hovering over the link to see where you are going. Or just don’t click on links or buttons in emails, period.
  4. If you are unsure and want to verify, don’t click any links or buttons in emails. Always log in to the site the way you normally do, via the bank’s real website.

Remember, these emails can come from anybody and carry any sort of message designed to get a reaction out of you before you think. It might be from the bank, like our example, but it can pretend to be from Canada Services, Canada Revenue Agency, Netflix, anywhere… you can never tell. If they are telling you there is a problem, or that you have to update your billing details, or that you just need to confirm something, anything that smells, well, phishy, pause and take a few moments for your safety.