At first glance the word phishing may appear to be a typo referring to a beloved hobby, but in the world of cyber security, phishing is a serious threat to your financial security.
What is Phishing?
Phishing attacks are techniques used by cybercriminals to manipulate computer users into revealing sensitive information or installing malware by way of electronic communication.
What to look for?
Phishing email messages are designed to trick an individual into acting upon a request without raising suspicion. The emails usually contain a sense of urgency (past due notice, action required, transaction on hold, etc.). These notices are designed to pique curiosity and prompt you to log in to investigate. This login process will look and feel familiar, but in reality you are on a hoax site designed to steal your credentials and personal information in order to gain access to your accounts.
These emails could contain personal information and may even list co-workers or family members depending on the level of sophistication. Much of this information is available publicly and will often be used to validate the scam.
Look for items like attachments, spoofed links, spoofed websites, grammatical errors, urgent statements, vague language, misspelled words and poor graphics. Larger and legitimate companies have professional staff that spend a great deal of effort on clean, well-formatted communication. If the email does not look like the quality you are accustomed to, then it is likely to be fake.
Text phishing is becoming more popular. Similar to email, be wary of any link or instructions received via text. Choose another method to communicate and verify the identity of the sender. Even if the number matches a contact in your phone, the sender could be a cybercriminal who has spoofed a known number.
Phone call threats are still very active. No legitimate firm or organization uses a phone call to gain information. Most, if not all, of these calls are fraudulent. There is usually an urgency to the call (past due, collections, safety risk, and insurance need).
The need for information to satisfy a demand is paramount and the caller can usually be quite persuasive. Get a case number and call the individual back on an official number. Do not give personal information out over the phone before you verify their identity.
Beware of friend or follower requests from individuals you do not know. Many scammers try to gain access to some personal information through your social media accounts. By allowing them to see more of your private information and activities, they have a better chance to phish for additional information.
Some requests might come from a replica account of someone you are already sharing with. The scammer will steal a few photos and create a site that looks like the site of an established friend.
Once a contact has been established, the scammers will post links or bogus posts with the intent of stealing your information. Even legitimate friends may forward or share these links unknowingly. Stay suspicious of any and all links and posts in social media circles.
How can you protect yourself?
- Be suspicious of any unsolicited opportunity or communication. If you were not expecting it, then do not trust it until you have verified the source.
- Don’t click links or open attachments without first understanding what they are and why you are clicking them. We have become accustomed to clicking things that come our way. The scammers trust that this habit will continue. Break the clicking habit and replace it with healthy skepticism.
- Directly contact the sender or the firm. Reach out via known contacts. Official websites, phone numbers, and email addresses are safe ways to vet the suspicious activity. Do not use links or contact info within the email, text, or social media post.
- Report all incidents. If you have been contacted fraudulently in any form, notify the individual or organization that has been spoofed. This will allow them to warn their other clients/contacts to prevent any resultant activity.