How to identify and report phishing scams

How to identify and report phishing scams

Imagine you’re scrolling through your Instagram feed and you suddenly get a message in your DMs. It’s from an account you don’t follow, and it seems to be run by your favourite company’s brand ambassadors. In their message, they promise to send you some products for free if you click on an attached link.

Do you click on the link or not?

In this digital age, protecting your online identity and accounts is very important as scammers are becoming increasingly deceptive with their phishing attempts.

Phishing is a cyberattack where scammers try to trick you into revealing sensitive information like your passwords and bank details. They pose as real companies and create fake emails, social media profiles, and numbers to get you to take actions that compromise your safety. One wrong click can expose your data to scammers.

Read on to learn how to spot and report phishing scams to enhance your online security.

Emails

Spotting phishing emails can be tricky. Watch out for these warning signs of a scam email:

phishing email example from deriv email

Common red flags of a phishing email:

  • Unfamiliar sender’s email address. Deriv sends emails with the address ending in @deriv.com.
  • Spelling and grammatical errors.
  • They ask you to click suspicious links and attachments.
  • Promises of easy money and huge profits.
  • Requests to take immediate action like transferring your money to a bank account.

Less common red flags of a phishing email:

  • Overly polite or formal language: Phishing emails sometimes use overly polite or formal language to create a false sense of professionalism and trust.
  • Odd requests for information: Scam emails may ask for odd information, such as your mother's maiden name, childhood pet's name, or your childhood town’s name. These are common security questions which, if the scammer has the answers, can be used to reset your password and gain access to your account.
  • Unexpected email signature changes: If you notice an abrupt change in the sender's email signature, like a different name or contact details, this is most likely a phishing email.
  • Shortened URLs: Scammers often use URL shortening services to hide malicious links. The URL is shortened so the link doesn’t display the website if you hover your cursor over it.

If you get an email from someone pretending to be Deriv, please report it to us via live chat. Contact us if you have concerns, and we’ll confirm if we need anything from you.

Social media accounts

Now when it comes to fake social media profiles, we have to be more vigilant online. Look out for these warning signs to ensure you won’t become the next victim of a scam:

Common red flags of a fake social media profile:

  • Frequent spelling and grammar errors.
  • Misspelling of the account name.
  • A high following-to-follow ratio.
  • Emoji-loaded offers that sound too good to be true.
  • Few or no friends/followers.

Less common red flags of a fake social media profile:

  • Too many posts in a short time: Scam accounts may post numerous images or stories in a short period to gain attention and followers fast.
  • Promotion of fake products: Scammers often advertise counterfeit or random products, that is not related to the company.
  • Strange friend/follow requests: Scammers often create fake profiles and send you friend /follow requests. These accounts typically have few friends, minimal personal information, and no mutual connections.
  • Request for payment: Scammers may ask you to make payments or transfer money outside of the platform. Please note that if Deriv needs any personal information, the request will be made via our official email or live chat.

If you come across a fake social media account, tap on the 3 dots on the profile and click Report to flag the account as fraudulent. This process will take less than a minute and helps the platform take appropriate action.

After reporting the fake profile, please provide screenshots of their account to our Customer Support team via live chat so we can take additional measures.

Messaging app

On top of the fake social media profiles, scammers also create fake messaging accounts on WhatsApp to directly target a user. Make sure to check these signs of a scam messaging account and know how to report them effectively.

Whatsapp scam messages example from fake Deriv number

Common red flags of a scam messaging account:

  • Spelling and grammatical errors in the message.
  • Calls to click on links or download apps.
  • Promises of huge profits and easy money.
  • Urgent requests for personal data like your password and bank details.

Less common red flags of a scam messaging account:

  • Excessive use of bots: Scammers may employ bots to engage you with automated messages or links to fraudulent websites. If a conversation feels too scripted or unnatural, it could be a scam.
  • Fake customer support: Some scammers pose as customer support agents and offer assistance with issues you didn't request help for.
  • Suspicious forwarded messages: If someone you don't know well forwards you messages or files without context, it could be an attempt to spread scams or viruses.
  • Impersonation of trusted contacts: Scammers may impersonate your trusted contacts by using similar profile pictures and usernames.

If you come across a fake profile on a messaging app, tap on the account’s profile and click Report to flag the account as fraudulent. This process will take less than a minute and helps the platform take appropriate action.

After reporting the fake profile, please provide screenshots of their account to our Customer Support team via live chat so we can take additional measures.

Best practices to avoid phishing in general

Now that you can recognise and take action against phishing attempts, always remember the 5 Don'ts when engaging with emails and online accounts:

  1. Don’t instantly click on links or download files.
  2. Don’t share your personal information.
  3. Don’t act immediately if you’re being pressured to.
  4. Don't be afraid to contact our Customer Support via live chat if you have doubts or concerns.
  5. Don’t answer suspicious emails, calls, and messages.

Our official social media accounts for the EU are:

Our official social media accounts for the rest of the world are:

For more safety tips, check out our How to protect your online trading account blog post or our How to avoid trading scams blog post.