Watch Out for Phishing
This article dives into the cyberattack known as phishing, and is the second part in a three-part series on creating foundational cybersecurity habits.
Phishing is a type of cybercrime in which criminals try to get your personal information. Phishing emails, texts, and other messages can look like they’re from a familiar company or person, as a way to trick you into giving them your information.
Phishing is an attempt to get personal information.
Phishing is the attempt to get someone’s personal information. It works by making you think an email is from a company you trust, and asking you to give up sensitive information like passwords or credit card numbers. The scammers usually make their emails look like they are from legitimate companies, in order to trick people into giving away their personal information.
To protect yourself from phishing scams, here are a couple of tips to keep in mind:
- Be suspicious of unexpected emails from companies or individuals that ask for your information. In general, it will be very rare for a legitimate company to reach out to you and prompt you for information. If you contact them, they may ask you to verify your identity, but it is very rare for them to require identity verification when they initiate the contact.
- As a general rule of thumb, avoid clicking on links and opening attachments. If you are expecting an email from someone, then you can usually trust the source. But if the email is completely unprompted and unexpected, it’s best to contact the source OUTSIDE of that email chain. If it’s a person you know, send them a text or give them a call asking if they sent you the message. If the sender is a company, look up the company’s contact information on Google, and call them directly.
Phishing continues to be the #1 attack by cybercriminals.
You might think you’re safe from cybercriminals, but the truth is that phishing continues to be the top attack utilized by criminals. What used to be solely in emails has now ventured into text messages (smishing) and phone calls (vishing). All of these attacks are a part of what we call Social Engineering. Social Engineering is really just a term used to describe a type of cyber-attack where the fraudsters attempt to trick you into providing sensitive information by masquerading as a trusted source.
Phishing also leads to another common, and very expensive, attack known as ransomware. This is where hackers encrypt your files, locking you out of those files and potentially the information system, and demand payment for their release.
Just because the email looks legitimate doesn’t mean it is.
People tend to think they will never fall for one of these malicious attacks, but the truth is that they continue to be used because they are very effective. As time goes on, these attacks continue to grow in sophistication, making them even more dangerous. Here are a few things to watch out for when separating legitimate messages from a phish:
- Be on the lookout for typos, grammar errors, or other inconsistencies. If the email looks like it was sent by a high school student who is also very tired from Math class, it might be a good idea to think twice before clicking on any links.
- Check out the email address. Is it familiar? Does the domain look like it’s from a legitimate/reputable company? If you’re not sure if it’s legit, reach out to them over another channel like their listed phone number on Google.
- Check out the subject line; does this sound legit? If there are words such as “urgent” or “important”, but nothing actually seems urgent or important…maybe rethink whether you want to click that link!
Sometimes links in phishing emails will direct you to websites that look legitimate.
Phishing emails may look like they’re from your bank or another financial institution, and if you click on the links in the email, you’ll be taken to a website that looks just like your bank’s website. In fact, it might even have your full name on it! You can’t tell by looking at it whether it’s a real email from your bank or not. You also can’t tell whether someone calling you is actually who they say they are or an imposter. That’s what makes social engineering so dangerous.
Always remember, stay calm and don’t REACT. Follow the rules listed above. If you want to confirm if the information in the email is real, just contact the company directly through their secured website.
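The checks above (sender domain, pressure wording in the subject line, and links that display one site but lead to another) can be automated for a message you have saved. The following is an added example, not code from this article's author; the function names, the sample message and the `.invalid` domains are all constructed for illustration, and it assumes a single-part HTML message and that you already know the domain the real company uses.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

PRESSURE = re.compile(r"\b(urgent|important)\b", re.I)  # wording the article names
class LinkCollector(HTMLParser):  # collects (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_matches(host, expected):
    host = (host or "").lower().rstrip(".")
    return host == expected or host.endswith("." + expected)  # exact or subdomain

def check_message(raw, expected_domain):
    msg, findings = message_from_string(raw), []
    sender_host = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if not host_matches(sender_host, expected_domain):
        findings.append(f"sender domain {sender_host!r} is not {expected_domain}")
    if PRESSURE.search(msg.get("Subject", "")):
        findings.append("subject uses pressure wording")
    collector = LinkCollector()
    collector.feed(msg.get_payload())  # assumes a single-part HTML body
    for href, text in collector.links:
        url = urlparse(href)
        if url.scheme in ("http", "https") and not host_matches(url.hostname, expected_domain):
            findings.append(f"link shown as {text!r} goes to {url.hostname!r}")
    return findings

# Constructed sample message; every name and domain here is made up.
SAMPLE = (
    'From: "Example Bank" <alerts@example-bank.support.invalid>\n'
    'Subject: URGENT: verify your account\n'
    'Content-Type: text/html\n\n'
    '<a href="http://examplebank.invalid.account-check.invalid/">www.examplebank.invalid</a>\n'
    '<a href="https://www.examplebank.invalid/help">Help</a>\n'
)
```

Calling `check_message(SAMPLE, "examplebank.invalid")` reports the look-alike sender domain, the pressure wording, and the first link, whose visible text names the bank while its real destination is a different host; the genuine Help link is not flagged.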
Contact Us with Questions
Phishing attempts can come in many forms, but they are easy to spot if you know what to look for. If something seems phishy, it probably is! Don’t hesitate to contact the company if you have any questions about the legitimacy of an email or website link.
Also, with the damage these types of attacks are causing, securing businesses has become essential. If you have any questions on how you can create a more effective information security program, please don’t hesitate to CONTACT US.