Common Phishing Scenarios:
“Your account has been suspended” or “We suspect fraudulent activity on your account” or “You’ve won a contest” or “We owe you a refund”
If you’ve ever received an email, voicemail or text with a message like one of the above, you know how visceral your reaction can be. And chances are very high that the message is a fake.
Just as fishing is one of the oldest occupations around, phishing is one of the oldest scams around. Ever since email was invented, thieves have been phishing for your information by cleverly impersonating a business or an acquaintance. They hope to trick you into giving out your personal information, or into opening a link or an attachment that downloads malware onto your computer so that they can gain access to all of your data.
Even though it’s been around for a while, it still works with alarming regularity. Almost 90% of all corporate data breaches are the result of a phishing attack. The ten companies that are targeted most often by phishers are attacked constantly, sometimes more than 1,000 times per month. It’s always good to have a refresher on how to avoid getting hooked!
What to look for:
- Pay attention to the URL of a website. A malicious website may look identical to a legitimate site but use a mismatched URL, either a variation in spelling (like Annazon.com) or a misleading domain name (.com vs. .net). Use the hover technique (rest the mouse pointer over a link to see where it really points) to verify legitimacy.
- Beware if you receive unsolicited (or out of character) phone calls, visits, or email messages often with an urgent request or threatening punitive action if you don’t respond.
- Think twice if a company that seems legitimate asks you to confirm or provide personal information (credit card and bank account numbers, Social Security numbers, passwords, etc.). Remember: legitimate companies don’t ask you to send sensitive information through insecure channels.
How to prevent/avoid phishing (It’s a lot, but every single tip matters!)
- Never open email from an untrusted source and don’t open unexpected email attachments or instant message download links.
- Don’t trust links in an email. Right click on the link to make sure it’s valid. Better yet, type in the real website address into a web browser.
- Never give out personal or financial information upon email request.
- Look carefully at the web address.
- Be suspicious of unsolicited phone calls, visits, or email messages.
- Don’t call company phone numbers in emails or instant messages. Check a reliable source such as a phone book or credit card statement.
- If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Do not use contact information provided on a website connected to the request; instead, check previous statements for contact information.
- Install and maintain anti-virus software, firewalls, and email filters to reduce some of this traffic.
- Take advantage of any anti-phishing features offered by your email client and web browser.
- Only provide personal or financial information through an organization’s website if you typed in the web address yourself and you see signals that the site is secure, like a URL that begins https (the “s” stands for secure). Unfortunately, no indicator is foolproof; some phishers have forged security icons.
- Report phishing email to email@example.com
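The URL checks above (the hover technique, mismatched link text vs. real destination, a spelling variation like Annazon.com, or a .com/.net swap) can be automated in a mail filter. The following is an added example, not the author’s own code or tool; it assumes a constructed sample email body and a small hypothetical KNOWN_BRANDS list standing in for the domains your organization actually uses.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: one link whose visible text and real href disagree
# (and whose real domain is a lookalike), plus one benign link for contrast.
SAMPLE_EMAIL_HTML = """
<p>Your account has been suspended. Log in now to restore access.</p>
<a href="http://annazon.com/login">https://www.amazon.com/account</a>
<a href="https://www.amazon.com/help">https://www.amazon.com/help</a>
"""

# Hypothetical allow-list of domains the organization expects mail to reference.
KNOWN_BRANDS = {"amazon.com", "paypal.com"}

ANCHOR_RE = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)


def registrable_domain(url: str) -> str:
    """Crude last-two-labels domain: www.amazon.com -> amazon.com."""
    host = (urlsplit(url).hostname or "").lower()
    parts = host.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; small values catch typosquats like annazon/amazon."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_links(html: str) -> list:
    """Return one finding per anchor: href, suspicious flag, and the reasons."""
    findings = []
    for href, text in ANCHOR_RE.findall(html):
        shown = registrable_domain(text.strip()) if "://" in text else ""
        actual = registrable_domain(href)
        reasons = []
        if shown and shown != actual:  # the "hover technique", automated
            reasons.append(f"text shows {shown} but link goes to {actual}")
        for brand in KNOWN_BRANDS:
            name, tld = actual.rsplit(".", 1) if "." in actual else (actual, "")
            if actual != brand and edit_distance(actual, brand) <= 2:
                reasons.append(f"{actual} is a lookalike of {brand}")  # Annazon.com
            elif actual != brand and name == brand.rsplit(".", 1)[0]:
                reasons.append(f"{actual} uses .{tld} instead of {brand}")  # .com vs .net
        findings.append({"href": href, "suspicious": bool(reasons), "reasons": reasons})
    return findings
```

Run `check_links(SAMPLE_EMAIL_HTML)` to see the first link flagged for both a text/destination mismatch and a lookalike domain, while the second passes.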
There is also SMiShing (fraud through SMS on your phone), Vishing (fraudulent voice calls) and Spear Phishing (customized email that appears to be from an individual or business that you know). As soon as a new method of communication is invented, I guarantee the fraudsters will be using it, so there will be a new term for that, too!
One of the most profitable steps you can take inside of your organization is training your people to detect phishing scams. They are a hacker’s first and favorite tool to separate you and your data.
John Sileo is an award-winning author and keynote speaker on identity theft, internet privacy, fraud training & technology defense. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly at 800.258.8076.