In recognition of National Cyber Security Awareness Month, we would like to touch on how you can better protect yourself from falling victim to phishing attacks.
I'm sure you've caught on by now: that Nigerian prince offering large sums of money in return for help getting the money out of Nigeria is a scam. However, phishing attacks have become more sophisticated over the years, and for the most part it has become much harder to tell the difference between a legitimate message and a scam.
What is phishing?
Well, you don't need a pole. Phishing is a form of fraud in which the attacker tries to obtain information such as login credentials or account information by masquerading as a legitimate, reputable entity or person.
These scumbags send emails carefully designed to look like a legitimate message from your bank or other institution you belong to. You could even receive a phone message claiming to be from the Internal Revenue Service (IRS) threatening fines unless you immediately pay what you owe. Scumbags typically create these scams in an effort to steal money and/or personal information. Phishing emails are typically designed to make you click on links or open attachments that look authentic but are really just there to distribute malware on your machine or to capture your credit card number in a form on the scumbag's site.
Here are six tips to help you tell whether someone is trying to pull the wool over your eyes:
1. The email urges you to take immediate action
Scumbags often try to trick you into clicking a link by claiming that your account has been closed or put on hold, or that there’s been fraudulent activity requiring your immediate attention. To be safe, don’t click on the link in the email. Instead, log into the account in question directly by visiting the appropriate website, then check your account status.
2. The hyperlinked URL is different from the one shown
The hyperlink text in a phishing email may include the name of a legitimate institution. But when you hover the mouse over the link, you may discover in a small pop-up window that the actual URL differs from the one displayed and that it doesn’t contain the institution’s name. Similarly, you can hover your mouse over the address in the “From” field to see if the website domain matches that of the organization the email is supposed to have been sent from.
3. The email in question has improper spelling or grammar
'Dear Costumer,'... need I say more?
4. The email requests personal information
Reputable organizations don’t ask for personal customer information via email. EVER.
5. The email includes suspicious attachments
Unless you requested a document, you shouldn't be receiving any attachments from someone you don't know. Never click to download the attachment, as it could be malware.
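The hover check from tip 2 can also be done mechanically on an email's HTML body. The Python below is an added example, not part of the original post: it flags links whose visible text names one host while the link itself goes to another. The function names and the sample message (with the reserved `.example` and `.test` domains) are constructed for illustration, and it only catches links whose text looks like a web address, not ones that say "click here".

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Something that looks like a host name inside the visible link text.
HOST_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

def host_of(url):
    """Lower-cased host name of a URL, without a leading 'www.'."""
    host = (urlsplit(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def same_site(shown, actual):
    """True if the hosts are equal or one is a subdomain of the other."""
    return shown == actual or actual.endswith("." + shown) or shown.endswith("." + actual)

class LinkAuditor(HTMLParser):
    def __init__(self):
        super().__init__()
        self.href, self.text, self.findings = None, [], []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self.href is None:
            return
        shown_text = "".join(self.text).strip()
        match = HOST_IN_TEXT.search(shown_text)
        actual = host_of(self.href)
        # Flag only when the text claims a host and the href goes elsewhere.
        if match and actual and not same_site(host_of("//" + match.group(1)), actual):
            self.findings.append((shown_text, actual))
        self.href = None

def audit_links(html_body):
    """Return (visible text, real destination host) for each mismatched link."""
    parser = LinkAuditor()
    parser.feed(html_body)
    return parser.findings

SAMPLE = (  # constructed message body, not a real phishing email
    '<p>Your account is on hold. Log in at '
    '<a href="http://mybank.example.account-check.test/login">www.mybank.example</a>'
    ' or read <a href="https://www.mybank.example/help">mybank.example/help</a>.</p>')
print(audit_links(SAMPLE))
```

Note that the first link is flagged even though the bank's name appears in the destination: the name sits at the front of a longer host that belongs to someone else.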
What to do when you think you’ve received a phishing email
Always trust your instincts!