You get an new email. It’s from Paypal. It says there is a problem with your account. It provides a link and instructs you to click on it to “verify your login credentials.” You follow instructions, but when you enter in your username and password, it doesn’t take you to your account. It takes you to a fake (but mostly legit-looking) page, and now your info is in the hands of criminals. What just happened? It’s called “phishing”.
So what IS phishing? (According to Phishing.org:)
“Phishing is a cybercrime in which a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords.”
How do you spot it? There are fortunately several “tells” or “red flags” that can alert you to the fraudulent sites.
Carefully examine emails! Scrutinize them before you download attachments or click on any included links, and use common sense. Did you actually order anything recently? Did the email come from a store you don’t usually buy supplies from? If it doesn’t quite fit, it’s probably a phishing attempt.
Don’t recognize the name? Double-check the “From” address of any suspicious email; some phishing attempts use a sender’s email address that is similar to, but not the same as, an organization’s official email address. Especially if that email is urging you to provide your password or other sensitive info. Legitimate companies NEVER ask for this information via instant message or email. Your bank doesn’t need you to send your account number – they already have that information. the same with sending a credit card number or the answer to a security question.
Sounds too good to be true? Lucrative offers or attention-grabbing statements are designed to attract your attention immediately. For instance, many claim that you have won an iPhone, the lottery, or some other highly popular prize. Don’t click on any suspicious email! Remember that if it seems too good to be true, it most likely is!
Don’t randomly click on links! At first glance, these URLs can look perfectly valid, but if you hover your cursor over the URL, you can usually see the actual hyperlink. If the hyperlinked address is different than what’s displayed, it’s probably a phishing attempt and you should not click through.
Unexpected urgency? “Urgent action required!” “Your account will be closed!” “Your account has been compromised!” Intimidation tactics are becoming more common than the promise of “instant riches” taking advantage of your anxiety and concern to get you to provide your personal information. Don’t hesitate to call your bank to confirm.
Attachments? Does it contain an attachment that you weren’t expecting or that doesn’t make sense? Don’t open it! They are almost ALWAYS guaranteed to contain payloads like ransomware or other viruses.
Just seems strange? Even if it looks like it’s from someone you don’t know or someone you do know, if anything seems out of the ordinary, unexpected, out of character or just dodgy in any way, DON’T CLICK ON IT!
Remember, your bank, credit card issuer, or other financial companies will NEVER ask you to provide sensitive information via email, text, or instant message. If you have any doubt, CALL THEM (get the number from an old bill) and verify! If it’s a message from a friend or family member, call to make sure the attachment is legit. It’s better to be safe than sorry!
Chips Computers wants to help make your technology and protecting your information easier! Always feel free to contact us with questions or concerns about your computer.