How to Recognize and Avoid Phishing Scams

Phishing is fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an electronic communication

These scams are typically carried out by email or instant messaging, it often directs users to enter personal information at a fake website which matches the look and feel of the legitimate site.

Scammers launch thousands of phishing attacks every day costing individual consumers and companies thousands of dollars. In fact, the FBI’s Internet Crime Complaint Center is reporting that over $30 million was lost to phishing schemes in one year. Below are some ways you can protect yourself.

Scammers often update their tactics, but there are some signs that will help you recognize a phishing email or text message.

Phishing emails and text messages may look like they’re from a company you know or trust, but when you look closer there are signs you are about to get scammed.

 

Screen Shot 2019-07-01 at 1.54.10 PM.pngSource:  https://resources.infosecinstitute.com/category/enterprise/phishing/#gref

Imagine you saw this in your inbox. Do you see any signs that it’s a scam? Let’s take a look.

  • Poor Standards: The email looks like it’s from a legit company. They even have the logo.  But, when you take a closer look it appears somewhat skewed. Would a respectable company allow unprofessional looking correspondence to go out to consumers?
  • Threats: Many phishing scams will threaten consequences if you do not comply.
  • Generic: Many of these emails are sent out in bundles so oftentimes you will see a generic salutation like, “Hi Dear.” If you have an account with the business, it most likely wouldn’t use a generic greeting like this.
  • The Hook: The email invites you to click on a link to update your payment details.
  • Fake Links: Hover over the links in the email without clicking on it. This will bring up the actual URL that it would be sending you to. Often you will find the link is something completely different.  

 

The scammers who send emails like this do not have anything to do with the companies they pretend to be. Phishing emails can have real consequences for people who give scammers their information, and they can harm the reputation of the companies they’re spoofing.

How to Protect Yourself 

Your email spam filters may keep many phishing emails out of your inbox, but scammers are always trying to outsmart spam filters, so it’s a good idea to add extra layers of protection. Here are four steps you can take.

  1. Protect your computer by using security software and set it to update automatically.

 

  1. Protect your mobile phone by setting the software to update automatically.

 

  1. Protect your accounts by using multi-factor authentication. Some accounts offer extra security by requiring two or more credentials to log in to your account. This is called multi-factor authentication.This can be a passcode you get via text message or an authentication app and/or a scan of your fingerprint, your retina, or your face. Multi-factor authentication makes it harder for scammers to log in to your accounts if they do get your username and password.

 

  1. Protect your data by backing it up. Back up your data and make sure those backups aren’t connected to your home network. You can copy your computer files to an external hard drive or cloud storage. Back up the data on your phone, too.

 

What to Do If You Suspect a Phishing Attack

If you get an email or a text message that asks you to click on a link or open an attachment, answer this question: Do I have an account with the company or know the person that contacted me? If the answer is “No,” it could be a phishing scam. Go back and review the tips on how to recognize phishing scams and look for signs of a phishing scam. If you see them, report the message and then delete it. If the answer is “Yes,” contact the company using a phone number or website you know is real. Not the information in the email. Attachments and links can install harmful malware.

 

What to Do If You Responded to a Phishing Email

If you think a scammer has your information, like your Social Security, credit card, or bank account number, go to IdentityTheft.gov. There you’ll see the specific steps to take based on the information that you lost.

 

If you think you clicked on a link or opened an attachment that downloaded harmful software, update your computer’s security software. Then run a scan test.

 

How to Report Phishing

If you got a phishing email or text message, report it. The information you give can help fight the scammers.

Step 1.Make your own in-house it security administrator aware of the situation.

Step 2.Forward it to the FTC at spam@uce.govand to the Anti-Phishing Working Group at reportphishing@apwg.org. If you got a phishing text message, forward it to SPAM (7726).

Step 2.Report the phishing attack to the FTC at ftc.gov/complaint.

 

 

 

MORE USEFULL INFORMATION: https://www.consumer.ftc.gov/media/game-0011-phishing-scams

 

By Vince Vitale

SOURCE:  https://resources.infosecinstitute.com/category/enterprise/phishing/#gref

 

 

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s