How to Avoid Phishing Scams When Entering Sweepstakes

What Phishing Scams Are and How to Stay Safe

Savvy hackers can nab your credit info by surveilling your web life
••• Dazeley / Getty

When you think of identity theft, you might envision a criminal cracking a database or intercepting your mail. But one of the most nefarious—and successful—ways of stealing an identity involves tricking you into handing over your sensitive information willingly. This tactic is called “phishing” and sweepstakes fans are especially vulnerable to it. Here’s how to stay safe.

What Is Phishing?

Phishing is a scam tactic that aims to deceive victims into thinking that they are giving their personal information to a trusted site, when they are actually playing into the hands of criminals.

If you’ve ever received a poorly-worded email saying that there’s a problem with your bank account or with an online order (that you never even placed) and you need to click a link to rectify the problem, then you’ve experienced a phishing attempt.

The most common method that modern hackers use to phish is to send an email with some urgent problem that the intended victim needs to resolve by clicking a link. The link brings them to a website that may look official, but which actually belongs to the scammer.

The victim is then asked to enter personal information including their username and password, name and address, bank account and credit card information, and more. The information then goes straight to the hacker, who can use it to access your bank accounts and/or steal your identity.

Phishing attacks are generally cast with a wide net; emails are sent to addresses in bulk. But there’s also a special kind of attack called “spear phishing.”

Spear phishing is an attack against a single person using information that the hacker has gained about them. For example, an email might come from a person you actually know or reference other information personal to you.

If you’d like to see some real-world examples of both types of attacks, check out this collection of phishing email examples here.

Why Are Sweepstakes Fans Vulnerable to Phishing Attacks?

While emails from banks and other institutions are commonly used for phishing attacks, they’re not the only tactic that hackers employ. And some of the other phishing methods involve sweepstakes.

For example, hackers might set up a giveaway with an attractive prize that they’re never intending to award. Instead, they misuse the information that entrants share for identity theft.

Another way that hackers can use sweepstakes is to send an email saying that you’re a potential winner and to click on the link to claim your prize. The link leads to a form asking for sensitive information.

Sweepstakes fans are also vulnerable to certain kinds of spear-phishing attacks. For example, a hacker can tailor an email saying that there’s a problem with a prize you’ve really won after seeing your name on a winner’s list. Or they could hack a sweepstakes database and send phishing emails to all of the people who entered.

How to Know When You’re Being Phished

Phishing attacks can be sophisticated and difficult to recognize, but there are some tell-tale signs that you can keep an eye out for.

  • If you’ve received a legitimate email from a large company, you can expect it to be free from spelling mistakes and strange grammar. If your mail is full of typos, it’s a red flag.
  • Any legitimate website asking you to submit sensitive information over the net will use a secure method to transmit that information. To find out if the site you are using is secure, look at the web address at the top of your browser: the URL should start with https:// rather than http:// and should have a closed padlock icon in front of it,
  • Pay close attention to the web address that you are visiting. Some hackers spoof legitimate websites by using an address that looks similar but has slight differences from the real one. For example, a hacker might use a dash in the name (like good-housekeeping.com instead of goodhousekeeping.com) or switch a letter (pubIlshersclearinghouse has an “l” instead of an i) in it or leave out a letter altogether (wikipeda.com).
  • If you receive an email with a link in it, hover your mouse over the link before clicking on it. That should show you the URL that you’ll be brought to if you click. Check to see if the URL looks legitimate before clicking.
  • Before you enter a giveaway, be sure to review these tips to determine whether or not sweepstakes are legitimate and the warning signs of sweepstakes scams.
  • If you have any doubts, contact the sweepstakes sponsor directly. Send an email to customer support asking whether they are really hosting a contest. If you are a victim of a spear-phishing attack that is trying to convince you that there’s a problem with a prize you already received, reach out to the company to ask directly.
  • Finally, remember that you should never need to pay to receive a prize. You don’t have to pay taxes in advance and you shouldn’t need to share bank account information or credit card information to verify your identity.

    Additional Steps to Stay Safe

    In addition to links to websites where you hand over sensitive information to criminals, phishing emails can also result in infection by viruses and ransomware. To protect yourself, it’s a good idea to be sure that you have virus software installed and up to date.

    To protect yourself specifically from phishing attacks, you can also install a phishing toolbar in your browser. These track harmful websites and warn you if you are trying to visit one.

    When it comes to protecting yourself online, knowing really is half the battle. It’s a smart idea to use a site like PrivacyClearinghouse.org to stay abreast of the latest phishing scams so that you know what to be on the lookout for.