What is Phishing?
It sounds like a relaxing way to spend the afternoon, but we’re not talking about your uncle’s favorite pastime. We’re talking about online phishing, a form of digital scamming where criminals attempt to trick victims into sharing personal and financial information or even get them to download malware and viruses. Once obtained, they can use that intel to steal your money and identity, and wreak havoc on your life. Here are a few common forms of phishing:
- Spam – If you have email, you more than likely have your fair share of spam, or unsolicited emails, in your inbox each day. Criminals can easily obtain email addresses from various sources and blast messages to unsuspecting recipients. Phishing emails often have an urgent message and request an immediate response.
- Spear Phishing – This is a highly targeted form of phishing in which the criminals attack a business in an attempt to gain access to customer information. From there, they can pose as the victimized company and send customers emails that request information and/or include malicious links.
- Websites & Social Media – Cyber criminals build websites and social media profiles that claim to sell products, offer giveaways or promote can’t-be-beat coupons. The offers are amazing – but in order to get your hands on their “deals” they require you to enter your information or click a link.
Don’t be the ‘Catch of the Day’
You don’t want to be the bad guys’ ‘Catch of the Day’ when it comes to phishing. Here are just a FEW red flags to look for to avoid falling victim:
- Don’t trust the display name in an email – Always look at both the display name and the sender’s email address. If the display name says “Blue Hills Bank”, but the sender’s email address is gotcha@BleuBillsBanc.com, or an unrelated address, that’s a clear indication that something isn’t right. Delete the email immediately.
- Look before you click – Always hover your mouse over a link. The actual web address should pop up. If the web address doesn’t look right, such as a misspelled company name or if it isn’t related to the company at all, that’s a red flag. Don’t click it.
- Don’t click on email attachments – If you’re not expecting an attachment from the sender, don’t open it. Instead, contact the sender through another means and ask if the email attachment you received was legitimate. Opening a malicious attachment could download malware on your computer or device that may damage files or steal your passwords.
- Beware of urgent or threatening language – Cybercriminals like to use scare tactics or invoke a sense of urgency to engage would-be victims. Be wary of emails that claim such things as your “account has been suspended” or that ask you to verify your information for continued service. If you’re concerned about the legitimacy of a message, contact the company through another means.
- Don’t let looks fool you – Just because an email, social media page or website looks like the company you’re familiar with, doesn’t mean it’s really the company. Scam artists are extremely crafty and will build almost anything to look like the brand you do business with. Before you go any further, make sure the sender information, web address or social media page are legitimate. If you’re questioning anything – do an online search to verify the company information, or simply contact the company directly.
October is Cybersecurity Awareness Month. For more information about phishing and tips for avoiding falling victim, visit staysafeonline.org, a division of the National Cybersecurity Alliance.