Have you ever received a strange email from a mysterious sender asking for money? Or perhaps you’ve gotten a phone call from someone you don’t know who tells you that your bank account has been compromised. Maybe it was even a suspicious text message. Emails, phone calls, and text messages are all mediums through which cybercriminals will try to steal consumers’ personal information with the intention of turning a profit. This type of scam is called “phishing,” and it is fairly common in today’s society—in businesses alone, according to the FBI, phishing resulted in the loss of over $1.7 billion in 2019. Sometimes, though, we use technology to give personal information to people who legitimately need it. The question, then, is this: how can we know which messages are scams, and how do we defend ourselves and those we care about against them?
How do I know if it’s legitimate?
In a phishing attack, a criminal pretends be a legitimate entity and asks for your personal information, such as your bank account credentials or your Social Security Number. Although cybercriminals are often very sneaky, there are some common, telltale signs that the person you’re corresponding with is a fraud:
- Poor grammar or spelling
- Links that are not spelled exactly correctly; for example, www.vmetfiber.com
- Unbelievably good offers
- Unexpected or unusual attachments
- Unknown sender or caller
- Mumbling over the phone or overusing technical language
- Supposedly urgent messages
To see a more comprehensive list of phishing techniques, check out this PDF from KnowBe4.
How can I protect myself from phishing attacks?
There are a few ways to try to prevent phishing attacks. One option is to use a spam filter in your email inbox. Spam filters analyze different criteria in an attempt to deduce whether or not an email is from a legitimate source. These emails will be put into a spam inbox instead of your main inbox. However, it’s important to note that spam filters can make mistakes. An important email that is from a legitimate source may end up in your spam inbox, or a cybercriminal may outsmart the filter, allowing a phishing attack to reach your main inbox.
Another way to prevent phishing attacks from being successful is to be more mindful about your online habits. Whenever you receive an email, read it carefully to see if you spot anything suspicious. If you’re in doubt about who sent an email or whether it’s safe, don’t open it! If you do open an email and think that it could be a scam, don’t click on any links, open any attachments, or respond. You also shouldn’t answer calls from unknown numbers, and you should never give your information to someone over the phone unless you are certain that it is safe. Remember, criminals can find details like your name, job, and phone number online and use them to personalize the attack, which may make it seem valid. However, if you are at all unsure about an email’s legitimacy, it is best to investigate its safety further before giving away any information.
If you are about to click on a link, you can put your mouse pointer on the link without clicking first to verify that it begins with “https.” Websites with these letters at the beginning of the URL are secure. Some links may appear to take you to a reputable website, but when you hover your mouse over the link, you will see that it would take you to a different website altogether. If the link appears to be a ploy, don’t click on it. Additionally, if a website asks for personal information before it will grant you access to a specific page, you may choose to call the company with a phone number you know is correct to ensure that the website is legitimate.
In conclusion, always think twice before giving out your personal information. Read your emails carefully and search for signs of phishing in order to prevent cybercriminals from taking advantage of you. Make sure to remind your family members to do the same, especially older adults, who are most often the victims of cybercrimes.
If you are targeted by a phishing attack, follow these steps to report it to the Federal Trade Commission:
- If the attack is an email, forward it to firstname.lastname@example.org. If the attack is a text, forward it to SPAM (7726).
- Visit https://reportfraud.ftc.gov/#/ to file your report.
If you have any questions about phishing or other Internet scams, give the VNET team a call!
Sources: 6 Common Phishing Attacks and How to Protect Against Them (tripwire.com)
The 5 most common types of phishing attack – IT Governance Blog En
Phishing | What Is Phishing?
How To Recognize and Avoid Phishing Scams | FTC Consumer Information