The “Hover Check” & Beyond: Spot Phishing Scams Quickly and Protect Your Identity

By admin | December 26, 2024

Identity theft remains a serious and growing concern worldwide. According to the Federal Trade Commission’s (FTC) 2022 Consumer Sentinel Network Data Book, the agency received 1.1 million reports of identity theft that year—making it one of the top categories of consumer complaints for the third year. The Identity Theft Resource Center (ITRC) also observed a rise in data breaches exposing personal information, further fueling identity theft risk.

Cybercriminals are constantly refining their techniques to trick people into revealing sensitive data. But with a few key precautions, you can protect yourself from becoming the next statistic.

Phishing: More Dangerous Than Ever

One of the most common ways criminals steal your information is through phishing—deceptive emails or text messages designed to look like they’re from trusted companies or government agencies. Fraudsters now use advanced tools (including AI) to craft highly convincing messages, so it’s more important than ever to stay vigilant and double-check any suspicious communication.

Example of a Recent Phishing Text

Below is a real-world example of a suspicious text message one of our colleagues received:

From: +63 961 363 0064
Message:
“U.S.Customs: You have a USPS parcel being cleared, due to the detection of an invalid zip code address, the parcel cannot be cleared, the parcel is temporarily detained, please confirm the zip code address information in the link within 24 hours.

https://informed.deliveryzdc.top/

(Please reply with a Y, then exit the text message and open it again to activate the link, or copy the link into your Safari browser and open it) Have a great day from the USPS team!”

Red Flags:

  1. Suspicious Number: The international code “+63” is for the Philippines—not a U.S. government or USPS number.
  2. Unfamiliar URL: The domain name “deliveryzdc.top” doesn’t resemble any official USPS or U.S. government site.
  3. Odd Instructions: Legit agencies don’t typically ask you to “reply with a Y” or reopen the text to activate a link.
  4. Mixed-Up Branding: The message references both “U.S. Customs” and “USPS” in a confusing manner.

If you get a similar text (or email), do not click the link and do not reply. Instead, consider blocking the sender and deleting the message. If you suspect you have a legitimate package issue, go directly to the carrier’s official website or use a known tracking number.

The “Hover Check” for Emails

While texting scams are on the rise, email phishing remains the primary way criminals attempt to steal data. A quick and easy way to spot a fake email is to perform the “Hover Check.”

  1. Hover Over the Link
    • If an email asks you to “verify your account” or “update your payment info,” hover your mouse pointer over the embedded link before clicking. A small pop-up or tooltip will reveal the actual destination URL.
    • If the URL does not match the official domain of the claimed sender, it’s almost certainly a scam.
  2. Check the Domain and Subdomains
    • For instance, http://key.com.hujgf.eu might look like it’s related to “key.com,” but the real domain is hujgf.eu. Everything before hujgf.eu is just a subdomain.
    • Watch for odd domain extensions (e.g., .top, .info, or foreign country codes) and unfamiliar subdomains.
  3. Look for HTTPS
    • Legitimate login or payment pages typically use secure connections (https://). While this alone doesn’t guarantee authenticity (some phishing sites now also use HTTPS), it’s still an important checkpoint.

Why Phishing Scams Work So Well

  • AI-Generated Content: Criminals use AI to minimize typos and improve formatting, making scam messages more convincing.
  • Brand Impersonation: With official logos and color schemes easily copied, scammers can replicate the look of major companies or agencies.
  • Emotional & Urgent Language: Threats of “immediate action required” or “account suspension” prompt users to click or respond quickly before thinking.

What to Do If You Suspect Phishing

  1. Do Not Click or Reply
    • Resist the urge to respond to suspicious texts or emails. If unsure, open your browser and navigate to the official website yourself.
  2. Use Official Channels
    • If a bank, shipping carrier, or insurance company supposedly emailed you, use the official customer service contact found on your billing statement or on their legitimate website.
  3. Mark as Spam and Delete
    • Label the email or text as spam/phishing to help train your email provider’s filter. Block the sender on your phone.
    • For business emails, beware of simply blocking the address if it appears to be from an actual partner or vendor; it could be spoofed. Instead, consult your IT team.
  4. Notify Your Administrator
    • If you’re in a corporate environment, report suspicious messages to your email or systems administrator so they can update spam filters and prevent future attacks.
  5. Stay Informed
    • Keep up with the latest scam trends by subscribing to security newsletters or following reputable cybersecurity blogs. Criminals adapt quickly—knowing what’s out there helps you stay one step ahead.

Final Thoughts

Phishing attacks are no longer limited to poorly worded emails. They come by text message, phone call, social media, and beyond. Knowing how to spot red flags—whether in a link, domain name, or suspicious instructions—can protect you from falling victim.

Remember: Taking a few extra seconds to verify a message’s authenticity can save you hours (or days) of recovery if you become a victim of identity theft.

Need More Help?
Concerned about phishing attempts or want to enhance your organization’s security? Get in touch with our team at Click IT. We specialize in advanced spam filtration, system administration, and comprehensive cybersecurity solutions to keep your data safe.

Posted in Uncategorized