Phishing scams are the most common threat to online security today. They can target your personal information at home and your professional information at work. These phishing scams aim to trick you into providing sensitive information like passwords, personal details, addresses, banking information, and more by pretending to be a legitimate business or person. Although scams have gotten better at hiding themselves, there are things you can do to protect yourself against them.
What is Phishing?
Phishing is a type of cyber attack where hackers pretend to be a trusted organization or person to get you to give up sensitive information that can help them get access to your accounts. These attacks are most often in the form of emails, text messages, or fake websites that look real.
How to Spot a Phishing Attempt
1. Unknown or Suspicious Email Address
If you get an email from an address you don’t recognize or the email address looks suspicious, it is likely a scam. Look for minor spelling errors or random characters in the address that a legitimate email address wouldn’t have. If you think the address looks suspicious, it's better to be safe and just delete the email before opening it. This goes for text messages, too. If you get a text and notice in the preview of the message that something seems off, just delete the message. Don't bother opening it and exposing your device to a possible phishing attack.
2. Sense of Urgency
Scammers often create a sense of urgency and panic by claiming your account will be locked or that you must take immediate action. If you feel pressured to respond right away, don't!
3. Unexpected Links or Attachments
Never click on a link in an email or text if you weren’t expecting it. This also applies to email attachments; even if it looks like an innocent PDF, it can be malware or ransomware. As a general rule of thumb, don't click on things you weren't expecting.
4. Spelling and Grammatical Errors
Many phishing emails and texts have spelling and grammar errors. A professional company is unlikely to send something out with these kinds of mistakes. If the email or text has unusual phrasing or uses a strange greeting, like “Hello friend,” this is likely a scam.
5. Requests for Information
A legitimate company isn't going to ask you for personal or financial information via email or text. If you are unsure, reach out to the company directly and ask them to verify the information. It should go without saying, but don’t respond to the email or phone number that the suspected attack is coming from. Instead, look up the official company phone number or email and reach out to them that way.
Examples of Common Phishing Scams
Online Shopping Scams: Emails from companies like Amazon claiming there’s a problem with your recent order. They will often ask you to verify your shipping address and other personal information, claiming your package won't be delivered unless you verify this sensitive information. They may also reach out to you saying your payment didn't go through, with a link to enter your credit card information.
Banking Scams: Emails or texts claiming to be from your bank that ask you to verify your account details, or a notice from your bank of fraudulent activity saying that, to start a claim, you must click the link they provided.
Social Media Scams: Direct Messages (DM) from Facebook saying you will lose access to your account. Facebook will never send you a DM if your account is at risk. Look out for the account the DM is coming from. A lot of times it will say “Facebook” with a bunch of random numbers after it. This is fake!
What to Do If You’ve Been Scammed
Phishing attempts are getting better at disguising themselves. If you think you have been scammed, here are a few things you can do:
- Change your passwords immediately and make sure they are random and unique - never use the same password for multiple accounts
- Contact your bank to secure your financial accounts
- Report the phishing attempt to prevent others from being affected by it - most email providers, like Gmail, allow you to report a suspicious email as phishing or spam
- Keep your computer’s security up to date and enable multi-factor authentication for all accounts that offer it, like email and your online banking account
Scams and phishing attacks are constantly evolving, and it can be tricky to tell what's real. Staying alert and pausing to think before clicking a link or providing information is a good way to prevent yourself from falling for an attack. If you are unsure, always reach out to the company or organization directly to have them verify whether the message came from them or not. If it didn't come from them, this is a great way to let them know that someone is impersonating them so they can alert other customers.
For more information on how to protect yourself from security attacks, read our tips on keeping your personal information safe.