What is Phishing?
Phishing is a fraudulent attempt by cybercriminals to attempt to steal your money or identity by getting you to reveal personal information like passwords, credit card numbers, and bank information. Typically, deceptive links are used in email messages to pretend to be companies you do business with, friends, or acquaintances and lead you to a fake website to harvest your username, password, and other information. Then these individuals can use this information to gain access to the legitimate website or even on other sites if you use the same username and passwords. Further, if you save your credit card information on those websites, they can make purchases with your saved credit card. Effective cybersecurity requires you to be the first line of defense to prevent these attacks. Find out more about your role in cybersecurity.
- Don’t click email links to activate, confirm, validate, or verify your account
Did you get an unexpected email from a company you do business with already to verify your account? Don’t click that link! If you hover your cursor over the hyperlink, it will show where the link takes you. If you are concerned about an account, log into your account directly (don’t just click on the link) to see if you need to act.
- Urgent or threatening language
Most emergencies are NOT addressed through email. If a sender asks you to click on a link or open an attachment to avoid a negative consequence, it’s most likely a scam. Pause for a minute and think whether an email makes sense. A sheriff will not show up at your door and arrest you if you don’t click. And why would you ever pay for an emergency with Amazon or Apple gift cards?
- Poor spelling and grammar
While occasional typos happen to even the best of us, an email filled with errors and poor grammar is a clear warning sign. Unlikely mistakes throughout the message indicate that the email is not professional, and the message is likely fraudulent.
- An offer too good to be true
Sure, free items or a lottery win sound great, but when the offer comes out of nowhere and with no catch? If it is something you were not expecting or makes no sense, there’s cause for concern.
- Random sender who knows too much
Phishing has advanced in recent years to include ‘spear phishing,’ an email or offer specially designed for you. Culprits take details from your public channels, including social media, and then use them against you. The only clues? The sender is unknown.
- The URL or email address is not quite right
One of the most effective techniques used in phishing emails is to use domains that sound almost right. For example, [microsoft.info.com] or [pay-pal.com]. Hover over the link with your mouse and review where it will take you. Send that email to the trash bin if it doesn’t look right or is completely different from the link text.
- It asks for personal, financial, or business details
Alarm bells should ring when a message contains a request for personal, business, or financial information. If you believe there may be a genuine issue, you can initiate a check using established, trusted channels.
- Attachments that you are not expecting
If you receive an attachment from a sender that usually does not send attachments or appears to be mismatched, don’t click on it. An example is an invoice for products you didn’t order.
So what happened if you do click?
If you click on a phishing email and enter personal information, you may or may not immediately realize it. It may be possible that you receive suspicious emails, or your acquaintances may start getting odd emails that appear to be sent by you. However, it may be possible that cybercriminals collect and sell your information to someone else, so the effects may not be as immediate. Some other signs to look for:
- Identify theft
- Unfamiliar banking transactions
- Locked accounts
- Flood of unsolicited emails (look closely for orders that are buried inside your inbox)
Depending on the scam, you may need to do the following:
- Change your passwords
- Contact your banks or credit card companies
- Have your computer checked by professionals
While education is the best way to ensure phishing emails are unsuccessful, a robust spam filter and solid anti-virus system provide peace of mind that you have the best protection available. Our email service offers sophisticated anti-phishing and targeted attack protection capabilities as well as point-of-click protection to help protect you from accidentally clicking on known malicious links.
Ultimately, everyone is responsible for their own online safety. By educating yourself about the risks and learning how to spot threats, you are giving yourself a leg up on cybercriminals. You can learn more about this by going to the FTC website or give us a call at 508-478-6010 to discuss how we can secure your system against costly phishing attacks