Phishing is a type of online scam that targets consumers with an email or text message that appears to come from a well-known, legitimate source. Because the message looks legitimate, the consumer ends up providing personal information, which gives the scammer access to their email, bank, or other accounts. Scammers launch thousands of phishing attacks like these every day, and they are often successful.
How To Spot a Phishing Scam
Scammers often update their tactics, but there are some signs that will help you recognize a phishing email or text message:
- Phishing emails and text messages may look like they’re from a company you know or trust. They may look like they’re from a bank, a credit card company, a social networking site, an online payment website or app, or an online store.
- Phishing emails and text messages often tell a story to trick you into clicking on a link or opening an attachment. For example, they may:
  - say they’ve noticed some suspicious activity or log-in attempts
  - claim there’s a problem with your account or your payment information
  - say you must confirm some personal information
  - include a fake invoice
How to Protect Yourself From Phishing Attacks
Your email spam filters may keep many phishing emails out of your inbox. However, scammers are always trying to outsmart spam filters, so it is a good idea to add extra layers of protection. Follow these four steps to protect yourself from phishing attacks.
1. Protect your computer by using security software. Set the software to update automatically so it can deal with any new security threats.
2. Protect your mobile phone by setting software to update automatically. These updates could give you critical protection against security threats.
3. Protect your accounts by using multi-factor authentication. Some accounts offer extra security by requiring two or more credentials to log in to your account. This is called multi-factor authentication. The additional credentials you need to log in to your account fall into two categories:
- Something you have — like a passcode you get via text message or an authentication app.
- Something you are — like a scan of your fingerprint, your retina, or your face.
Multi-factor authentication makes it harder for scammers to log in to your accounts if they do get your username and password.
4. Protect your data by backing it up. Back up your data and make sure those backups aren’t connected to your home network. You can copy your computer files to an external hard drive or cloud storage. Back up the data on your phone, too.
Be Cautious of Opening Email Attachments
The general rule is to NEVER open an email attachment if you do not know who it came from or why you received it. Here are ways you can tell whether or not an attachment is safe to open:**
- Ask yourself: Was I expecting to receive this attachment, and did it come from who I would expect it to come from?
- Check email addresses for any “red flags” that may indicate the email address has been spoofed or faked.
- Never open an email attachment if you don’t recognize the sender.
- If you recognize the person or email address, but it was still unexpected, contact them through a different form of communication to find out if it was intentional.
Be Cautious of Opening Email Links
What Can Happen:
- Makes you a bigger target – A link could contain code that uniquely identifies you, so scammers can sell your email address to other scammers.
- May compromise your computer – Clicking or opening a link may infect your computer with malware.
- May take you to a fake login page that looks real – The website will ask you to enter personal information, such as passwords or bank information.
- Could compromise your online accounts – Gives scammers access to and control of your accounts.
ALWAYS THINK BEFORE YOU CLICK!
What to Do If You Responded to a Phishing Email
If you think a scammer has your information, like your Social Security, credit card, or bank account number, go to IdentityTheft.gov. There you’ll see the specific steps to take based on the information that you lost.
If you think you clicked on a link or opened an attachment that downloaded harmful software, update your computer’s security software. Then run a scan.
*How to Recognize and Avoid Phishing Scams, Federal Trade Commission
**Phishing, KnowBe4