Phishing Scams:
What is phishing?

Most of us have gotten used to doing business online: we buy and sell things and we have accounts with sensitive information. The risk of doing business online is low as long as you deal directly with organizations you trust.

Problems occur when criminals impersonate these organizations and fool you into handing over sensitive information like account numbers, passwords and PINs.

Through the Internet and electronic communication like email, instant messaging, text messaging and social media, these criminals cast a wide net to catch as many unsuspecting victims as possible.

For example, you receive an email that looks like a trustworthy message from a bank. It asks you to click a link to verify information and you assume it is legit. So you click the link and log in to what appears to be your bank’s website. At this point, the scam is complete. You have handed over your bank password to the criminals, who can use it to take your money. They were able to fool you by impersonating the bank’s website.

It looks real, but it is designed to fool you into handing over important information. This is a scam called phishing and you need to avoid it. Remember, phishing emails may use the same exact logos, phone numbers and addresses that appear on your statements or bills. Always be suspicious of an email that asks for your information. No exceptions.

The key to avoiding this scam is awareness. Avoid being a phisher’s “catch of the day.” There are a few keys to detecting phishing emails: they often try to scare you by saying your account has been accessed or security has been compromised. They also insist that you click a link to verify information or fill out a form. Do not click links or fill out forms in suspicious emails. The email may also have misspellings and call you something like “valued customer”: the crooks don’t know your name.

Email phishing is one of the most common forms of phishing attacks used today. Cyber criminals disguise themselves as your trusted bank, employer, phone company, email provider, social media provider or other company to lure you into giving them your personal information so they can use it to their advantage. Though these attacks are well disguised and sophisticated, they can generally be detected with four quick steps:
1- Spelling and grammatical errors in the subject line and body of the email.
2- Urgent calls to action requesting login credentials or personal information for verification.
3- Foreign email addresses, or email addresses that aren’t assigned to the “trusted” company.
4- Links that when hovered over show a domain that is not the same as the “company” sending the email.
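
Steps 2 to 4 can also be checked automatically, for instance in a mail filter or a reporting tool. The sketch below is an added example, not part of the original post; the sample message, every domain in it, and the function names are constructed for illustration, and the trusted domain is assumed to be known in advance. Step 1 (spelling) is left out.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message: every name and domain below is made up.
SAMPLE = '''From: "Example Bank" <alerts@examplebank-secure.test>
Subject: Urgent: verify your account
Content-Type: text/html; charset="utf-8"

<p>Dear valued customer,</p>
<p>Your account has been accessed. Verify your information now:
<a href="http://login.examplebank.test.verify-portal.test/signin">examplebank.test</a></p>
'''

class LinkCollector(HTMLParser):
    """Collects the real target (href) of each link, not its display text."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def belongs_to(host, trusted):
    # True only for the trusted domain itself or one of its subdomains.
    host = (host or "").lower().rstrip(".")
    return host == trusted or host.endswith("." + trusted)

def check_email(raw, trusted):
    msg = message_from_string(raw)
    findings = []
    # Step 3: the sender address must be on the organization's own domain.
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if not belongs_to(sender_domain, trusted):
        findings.append("sender:" + sender_domain)
    parts = [p for p in msg.walk() if p.get_content_maintype() == "text"]
    body = "".join(p.get_payload(decode=True).decode("utf-8", "replace") for p in parts)
    # Step 2: urgent call to action, or a generic greeting instead of a name.
    if re.search(r"urgent|verify|valued customer", msg.get("Subject", "") + " " + body, re.I):
        findings.append("urgent-or-generic")
    # Step 4: compare where each link really goes with the trusted domain.
    collector = LinkCollector()
    collector.feed(body)
    for href in collector.hrefs:
        host = urlparse(href).hostname
        if not belongs_to(host, trusted):
            findings.append("link:" + str(host))
    return findings
```

Note that the link in the sample starts with the bank's name but actually belongs to a different domain, which is why the check compares the end of the hostname rather than searching for the name anywhere in it.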
You’ve probably already seen this attack, whether you realized it or not. Never click on the links, and never provide login credentials or other personal information. Do not open unknown attachments. Don’t fall for “too good to be true” promises.

If you feel the email is legitimate, manually enter the trusted website in a separate window, then contact your trusted representative through their traditional channel of communication.

If you receive a phishing email, stay calm: there is no risk in receiving it, just delete it. You can also safely report it by forwarding it to reportphishing@antiphishing.org or spam@uce.gov. If an email does lead you to a suspicious website, remember to look at the web address. The address in your browser should look familiar. If you suspect that criminals have your information, immediately contact organizations where you have accounts.

Phishing scams are a growing threat on the Internet. By being aware of the scam, you can feel confident in working with companies online. To protect yourself in the long run, you might also want to consider anti-phishing software. Further, check your online accounts and credit reports regularly and quickly report anything that is out of place.