Malicious apps and phishing websites are becoming more and more sophisticated and we can all fall for them at some point, with disastrous consequences such as having our personal data or money stolen.
The problem is that It’s not always clear at first glance whether something is a scam or not.for which we are going to give you a series of clues in the form of things that you should pay attention to to avoid falling into this type of scam.
If the message was marked as spam
The first of all, trust the Google Messages spam filter (or the email app you’re using), because it’s likely that the message that marked you as spam is actually spam. False positives exist, but they are far fewer than the times the spam filter hits the mark and sends a potentially malicious message to purgatory.
The Google Messages spam filter draws on messages from billions of users to detect common patterns used by scammers. The filter works great today, but in the future it should be even better with the intervention of Gemini AI. If a message has been marked as spam, be extremely skeptical of its content or, better yet, ignore it.
If the web address does not match
One of the easiest ways to tell what is normal from what is not paying attention to web addresses in the message, particularly in the domain. For example, a supposed post from Correos España will not include a link to the Correos.es domain, but rather anything else that might include “correos” elsewhere to give it authenticity.
If there are any strange areas in the link, it is most likely that This is a scam based on phishing. That is, you are sent to a web address that claims to be the official address, so that you can enter your login information or make some type of payment.
If it only asks for personal information or payment
Let’s assume that neither you nor the spam filter is clear whether the link is malicious or not and you open it. Some details from the website that opens may help us determine whether it is a fake website or not. To get started, look at the link’s web address and domain again, tapping the address bar to see it fully. If it’s a rare domain, close the tab and mark the message as spam.
These fake websites also tend to be too direct, asking you for a string of personal data in one form and without including any other type of additional information (or, if there is an additional link, it takes us to the official website, on another domain).
If you cannot verify the information
Lots of these spam messages they are trying their luck by alarming you telling you that you need to pay customs fees, that your package could not be delivered, or that your bank account has been compromised and that you need to change your PIN and password. If this doesn’t even apply to you (you haven’t placed any orders, you’re using another bank, etc.), then it’s clear that it’s a scam.
If you have any doubts, check the information in another waysuch as visiting the entity’s official website or calling customer service or fraud prevention line, if applicable.
If you download APK from unknown sites
We already know that not all apps are on Google Play, but if you receive a message with a direct link to download an application, is a clear indication that it is surely a malicious application. Especially if the app is downloaded from an unknown domain and not from reputable places like F-Droid or GitHub.
Always be wary of download apps from unknown places that come out of nowhere and let’s try to overcome the temptation to download them to see what they’re all about. The same goes if a stranger attaches an APK file to you while chatting on apps like WhatsApp or Telegram.
If Google Play Protect detects the app as malicious
If you couldn’t resist the temptation and installed an application outside of Google Play and the first thing that appears when installing it is a great review of Play Protect telling you that it is a harmful app is a good indication that you better uninstall it.
Google Play Protect may be presented as a “protector” and marked as harmful apps for power users that make system modifications, like AA AIO Tweaker, but if that’s not your case, then It’s better that you pay attention to him. After all, Google blocked more than 2 billion malicious apps from reaching its store last year.
If it asks for permissions that make no sense
Finally, we can’t forget about apps that ask for excessive permissions or don’t make any sense. The two permissions you should be most careful with today are accessibility permission and permission to be displayed on top of other apps.
These two permissions combined form the basis of most malware on Android, allowing malicious apps to run.perform actions on the mobile without user intervention. Be very careful which apps you grant these permissions to.
Cover image | Generated with AI
In Xataka Android | How to avoid SPAM SMS on Android and what risks you run if you don’t do it
Table of Contents
