What is a Phishing Scam?

Phishing is a type of online scam where attackers send an email that appears to be from a legitimate company, asking you to provide sensitive information. This could be in the form of asking you to reply with information, or providing a link that will take you to a website that looks legitimate, asking you to input your username and password. The website isn’t legitimate, and it immediately sends your log in information to the attacker. Recognising phishing scams is an important way of keeping yourself safe online.

Phishing scams and emails are not a sex worker specific problem. The most common targets of phishing scams in my experience are PayPal members and online banking users. You may have had strange emails from random banks in the past claiming there has been a suspicious transaction on your account. I often think, it must be a very strange transaction, considering I don’t have an account with you!

How’s It Relevant to Sex Work?

I have also seen phishing scams in the sex work world, however they don’t seem to be as common (though I have seen them, mainly on Chaturbate). But that doesn’t mean that we shouldn’t make ourselves aware of what they are and how to spot them, especially since it will keep us safe in our vanilla lives, too. Some clip sites and cam sites do not censor our personal information. On these websites, letting an attacker get your password can be equal to letting them have your real name and address. This is obviously a problem.

Here is a guide on recognising phishing scams, and the methods you can use to determine whether an email is legitimate. Since PayPal users are one of the most common targets, I’ll use them as an example, but the advice applies to Chaturbate, ManyVids, your bank, or any other website you use.

What Email Address Does It Come From?

This can be a difficult way of recognising phishing scams, as the attackers often manage to use email addresses that look legitimate. They can even set their name on the account to the target websites official email address (so their email may be hacker@scamsville.com but their ‘name’ is support@paypal.com, which fools you into thinking it is a legitimate email). Always click on the email if in doubt, to make sure that it’s actually the email address showing, and not just a name that has been set to look like an email address.

As you can see in my example, the email used is clearly not the official PayPal address. This email can be safely reported as a phishing scam.

Where Does the Link Go?

As you can see in my screenshot above, the email claims to be from PayPal but does not link to PayPal.com. You can hover over the link to see where it leads. If it doesn’t say PayPal.com, it’s not even worth clicking. Be aware that it’s possible to set the text in the email to say PayPal.com but, when you click it, it leads you elsewhere. So make sure to hover over and see where it really goes. Never submit your details to websites that aren’t the official web address for PayPal (or Chaturbate, or ManyVids, etc.)

Does the Email Look Official?

This is by no means a foolproof method of detecting phishing scams, because these type of scams have gotten very sophisticated and can, and often do, look convincing. But sometimes it is easy to spot a phishing email this way. Does it have the usual layout of a PayPal email? Does it have typos or bad English? Is it addressed to your PayPal username, or is it addressed to your email address, or ‘PayPal User’? Anything that is addressed to ‘Dear PayPal User’ or similar, and is asking for personal information, is a scam.

Always be on guard

The best way to be safe is to be wary of ANY email that is telling you that something is wrong, and is asking you to log in to fix it, or asking you for personal information. If in doubt, you can call the website (especially if it is a bank!) or email them via their official email address to ask if the email is legitimate. It’s also handy for websites to be aware of phishing scams going around, so they’ll be grateful that you informed them. You can also report phishing scams directly from your email inbox.

What Else Can I Do?

One of the things that will protect you if you do fall for a phishing scam, is 2-Factor Authentication (2FA). 2FA, also known as two-step verification or dual factor authentication, is a security measure where a user has to complete two steps of authentication before being able to access their accounts – usually by entering their password, and then a security code sent to their phone, either via SMS or to an authentication app. Even if you did accidentally submit your information to one of these scammers, the additional layer of security means that the password would be useless to them – they wouldn’t be able to access your account without access to your second method of authentication, usually your phone. You can learn more about this by reading my article about 2-Factor Authentication.