Cybersecurity involves many aspects of technology, all of which are important to keeping individuals, organizations and their data safe. One of the most common cybersecurity threats is phishing.
There are scads of websites that provide guides for users to avert phishing attempts. We have used our experience to harvest the best material and advice for protecting yourself and your organization from phishing scams. Let’s take a closer look.
What is phishing exactly?
“Phishing” is a homophone of fishing. Appropriately, it alludes to luring users while fishing for their sensitive information. It is a form of deception that attackers use to trick you into divulging personal information. Often, phishing begins with a falsified email sent by what looks like a legitimate source that baits you into opening an attachment or a link to a malicious site.
If you are a consumer of news, you know all too well that people fall victim to scammers every day. Last year, the FBI reported close to 850,000 complaints of suspected cybercrime, with a reported loss of nearly $7 billion.
Phishing ranked among the top three reported scams, and victims lost the most money to business email compromises. Every day, scammers launch thousands of phishing attacks — and they’re often successful.
As almost everyone knows first-hand, scammers use email or text messages to try to steal your user IDs and passwords, account numbers, or Social Security numbers. Once they get the information they sought, they have a better chance of gaining access to your personal accounts. They can fraudulently charge things to your credit card, apply for a driver’s license or passport, make use of your health care insurance, and file for government benefits.
According to Experian, scammers might also sell your information on the dark web, “a go-to platform for buying and selling illicit goods and services.”
Scammers who write phishing emails and text messages often tell a story to trick you into clicking on a link or opening an attachment. And the stories are much more sophisticated these days than the old Nigerian prince email scam.
You might get an unexpected email or text message that looks like it’s from a source you know or trust, like your bank or credit card company, your employer, a service like Netflix or Apple, or even your mom or dad. Cybercriminals always pretend to be someone you trust.
These attackers are relying on you to bite. Whether because of a lack of knowledge, inattention to detail, or the simple fact that you are busy, preoccupied, or carelessly multitasking, many people think the bait is real. And in the click of a mouse, they’ve been hacked.
Recognizing the signs of a scam
The Federal Trade Commission offers some great advice for helping us recognize phishing messages. Phishing messages might:
- say they’ve noticed some suspicious activity or log-in attempts — they haven’t.
- claim there’s a problem with your account or your payment information — there isn’t.
- say you need to confirm some personal or financial information — you don’t.
- include an invoice you don’t recognize — it’s fake.
- want you to click on a link to make a payment — but the link has malware.
- say you’re eligible to register for a government refund — it’s a scam.
- offer a coupon for free stuff — it’s not real. If it sounds too good to be true, it probably is.
So how do I avoid falling for the bait?
Even though you have a built-in email spam filter ridding your inbox of phishing attempts, you still need to be vigilant. Scammers scam for a reason: it’s lucrative. So, you can imagine that they make it their mission to outfox spam filters. Extra layers of protection are helpful and necessary.
Here are just a few ways to add those extra layers to protect yourself from phishing attacks:
- Pay attention to links in your email. Research the sender’s email domain—is it legitimate? Why would a business use a Gmail account?
- Look closely for spelling and grammar mistakes. An authentic company will not send out an email riddled with mistakes.
- Any email expressing a sense of urgency should immediately raise a red flag. Scammers are relying on your natural tendency to act within a deadline, especially if not doing so means, for example, that your service will be cut off.
- Are you expecting an attachment? If not, verify its validity by contacting the sender through means other than replying to the message. Pick up the phone or send a text.
- Hover over any links in an email and examine the URL closely before clicking it. Microsoft Tip: On Android, long-press the link to get a properties page that will reveal the true destination of the link. On iOS, do what Apple calls a “light, long-press.”
- Remember, not everything you receive in email is real.
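To make the sender-domain and link checks above concrete, here is an added example (not from the original post) that scans one constructed message for those indicators: a free-mail sender domain behind a business display name, a Reply-To that differs from the sender, urgency wording, and a link whose visible text does not match its real destination. The sample email, every domain in it, and the short keyword list are constructed for illustration.

```python
import email
import re
from email import policy
from urllib.parse import urlparse

# Constructed sample message (not a real phish) showing the indicators
# discussed above; all addresses and domains are made up.
SAMPLE_EML = """\
From: "Example Bank Security" <alerts.examplebank@gmail.com>
Reply-To: recover@examplebank-support.test
To: you@example.com
Subject: Urgent: verify your account within 24 hours
Content-Type: text/html

<p>We noticed suspicious log-in attempts. Confirm your details immediately:</p>
<a href="http://login.examplebank-support.test/verify">https://www.examplebank.com/login</a>
"""

FREE_MAIL = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}  # illustrative list
URGENCY = re.compile(r"\b(urgent|immediately|within 24 hours|suspended)\b", re.I)
ANCHOR = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def host_of(url):
    """Hostname of a URL or bare domain, lower-cased by urlparse."""
    return urlparse(url if "://" in url else "http://" + url).hostname or ""

def phishing_indicators(raw):
    """Return a list of human-readable findings for one raw RFC 822 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    sender = msg["From"].addresses[0]
    sender_domain = sender.domain.lower()
    if sender_domain in FREE_MAIL:  # "Why would a business use a Gmail account?"
        findings.append(f"sender uses free-mail domain {sender_domain} with display name {sender.display_name!r}")
    reply_to = msg["Reply-To"]
    if reply_to and reply_to.addresses[0].domain.lower() != sender_domain:
        findings.append(f"Reply-To domain {reply_to.addresses[0].domain} differs from sender domain")
    body = msg.get_body(preferencelist=("html", "plain")).get_content()
    if URGENCY.search(msg["Subject"] + " " + body):
        findings.append("urgency language in subject or body")
    for href, label in ANCHOR.findall(body):  # visible text vs. true destination
        label = re.sub(r"<[^>]+>", "", label).strip()
        if "." in label and host_of(label) != host_of(href):
            findings.append(f"link text shows {host_of(label)} but points to {host_of(href)}")
    return findings
```

Run `phishing_indicators(SAMPLE_EML)` to see all four indicators reported for the sample; an empty list means none of these particular tells were found, not that a message is safe.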
If an email looks suspicious or you just aren’t sure, report it to your company’s cybersecurity team. If you’re on your personal email and suspect something’s fishy, forward the email to spam@uce.gov, and to the organization the sender is impersonating. Many businesses have a dedicated email address for this purpose. If you have been phished, you can file a complaint with the FBI or with the FTC.
Most importantly, if it looks suspicious, don’t click the link or open the attachment without verifying its source.