The first rule in combating phishing is if you don’t know who sent you a strange-looking email, don’t click on any hyperlinks or pictures in the email.
But what if that email isn’t strange-looking at all? Scammers and hackers are becoming more sophisticated every day, so it’s harder to recognize them. Now, they’re coming up with more tricky ways to steal your personal information.
Phishing is a fraudulent method that cybercriminals use to send emails that appear to be from legitimate sources in hopes of tricking victims into providing personal information, such as passwords, security hint answers, bank account information or credit card numbers. No reputable firm, such as a bank, will ever request your personal data via email.
Phishing costs businesses an estimated $500 million annually, and 91% of advanced cyberattacks begin with email. The most common form of phishing involves contacting users by email and asking to verify an account by providing information to a false website that looks legitimate.
Here are some of the latest tips:
Do NOT Click
It’s worth repeating. Never click on links in unsolicited email messages. Again. Never click on links in unsolicited email messages. Simply clicking on links in phishing emails can unleash viruses or install malware or ransomware.
Beware Emotional Manipulation
Your email IN box is overwhelming, and you see a message with URGENT or IMPORTANT or FINAL NOTICE that triggers an emotional reaction on your part. Beware of that trigger.
Check for Tpyos
The one in that header is placed there on purpose to illustrate a point. Two of the common identifying marks of a phishing attempt are typos and grammatical errors. For example:
“This email is to infrom you that your email account is about to be deacctivated if you dont act immediately!!”
Email is Not Personalized
Watch out for the “Dear Client” and “Dear User” salutations in your email. Those are bound to be phishy.
Email “From” Address is Odd
Disguising the “From” name or “From” email address is a popular tactic. Look carefully at the email address. It may look legitimate, but a misplaced letter or punctuation mark can give you a clue that it’s fake. For example, receiving email from email@example.com should throw off some alarm bells.
Fake Dating Sites
Fake online romances can lead to phishing attempts. Regardless of how real someone seems, you should never give them personal information. Phishing attempts can occur through fake online dating sites. The person in question may ask you casual questions about your pet’s names, your hometown, your high school, your favorite teacher or your mother’s maiden name. Answers to these questions often match those security reminder questions and could potentially be used to steal your identity.
They’re Working the Phones, Too
Phishers may call asking for private data. Do not give your information over the phone to anyone who calls you. Instead, ask them to give you a case number or an extension number and then call back through the main number of the company that they claim to work for. Don’t simply call back to a number they provide you.
Fake Contact Information
Some emails don’t have links or attachments, making them look legitimate. The email, instead, has a hotline for you to call to fix an issue with your bank or credit card company or other financial institution. If you do make that call, make sure that you are calling the right number. Look at your most recent bank statement or the back of your credit card to find the correct customer care contact number. Otherwise, you may be calling someone who is interested only in stealing your personal data.
Social Media Tricks
Scam artists may use the information you post on social media accounts to make their phishing emails seem more legitimate.
Some phishing emails have links built into a photo in the email rather than in the words. Watch out for those tempting photos.
SMiShing — a merger of the terms “SMS” and “phishing” — is a type of phishing done by mobile phone. SMiShing involves text messages sent to trick you into visiting a link or sending personal information to the sender. The text message may claim to be from your cell phone provider and request your payment information or may prompt you to click on a link and fill out a form to gain access to a prize. You should delete unsolicited text messages.
Reach Out for Help
You may not always be able to detect a phishing attack. If you believe you have fallen victim, don’t be ashamed and don’t hide it. Contact your company’s help desk. Phishing attacks can be convincing. If you think that you may have accidentally given out sensitive or confidential data, you should contact the Help Desk. They will be able to determine whether the email or call you received was legitimate.