Phishing refers to when scammers use emails, phone calls or texts in an attempt to trick you into giving them personal information such as account numbers, passwords or even your social security number. In a phishing scam, the other party often claims to be someone you know personally or to represent a business that you are familiar with, such as your bank, in order to gain your trust. With phishing attacks becoming more and more sophisticated all the time, it can be very tricky for an unsuspecting consumer to spot the red flags. In fact, the Federal Trade Commission reports that it received more than 2.1 million fraud claims in 2020, with online shopping and imposter scams being two of the top three categories reported.
It’s clear that phishing is a very real threat to anyone with a phone number or email account, but what can you do to prevent it? Since October is Cybersecurity Awareness Month, what better time to arm yourself with knowledge and learn how to recognize phishing emails and texts so that you can protect your personal information.
Types of Phishing
There is much more to it than the classic email that promises to make you a millionaire. Phishing is a sophisticated business in constant evolution as we use devices more and more. There are many types of phishing scams out there to beware of, some of the most common being:
Have you ever gotten a strange SMS from the bank that you didn’t quite understand? Did it include a link? That was probably “smishing”, a cyberattack that intends to gather information through phishing text messages. In this type of phishing, scammers send a text claiming to be from a trusted source, asking for personal information. Their messages normally contain a malicious, but tempting link.
Voice phishing, sometimes called “vishing,” is a fraudulent phone call, during which the attacker claims to represent an organization or person familiar to you and asks you for personal information.
One of the most common scams consumers encounter is PayPal phishing, meaning attackers send an email or text pretending to be from PayPal, often with a link to a fake website, where the scammers can learn your login and password. Sometimes, PayPal scam emails claim that you received a payment or overpaid for an item in order to grab your attention.
Whaling is a type of phishing that tries to land a “big fish,” such as the CEO of a large company or other high-profile individuals. These types of scams are often very elaborate and can be a way for bad actors to get their hands on highly sensitive information. One high-profile whaling or phishing example involved an HR employee at Snapchat handing over employee payroll information to a scammer.
Spear phishing means a scam that is targeted at a specific person, rather than a large group of people. It uses messages that are customized to appear legitimate, and they’re often used as a means to gain access to a large organization. What makes spear-phishing different from whale phishing, is that it targets lower-profile people.
How to Prevent Phishing
Now that it is clear what phishing is, it is important to know how to recognize phishing emails and messages in order to protect yourself from cybercriminals. If you suspect anything, never click on it. It is only natural that this year's European Cybersecurity Month slogan is “Think Before You Click”, spread on social media under the hashtag #ThinkB4UClick. We already explained how to detect an online shopping fraud and how to recognize a non-legit site. Now learn the common signs of a phishing scam:
Urgent messages telling you to act immediately. If you get a message telling you that you must act immediately to avoid a penalty or claim a prize, chances are it’s a scam. This sense of urgency is meant to prevent people from thinking too much or consulting others before acting. If the message claims to be from a business that you know, slow down and call them at a known number. Remember to #ThinkB4UClick.
Unknown sender. Of course, you might sometimes get a text or email from someone you don’t recognize, but when you do, it is important to look closely and make sure it’s legit before you respond.
Non-specific greeting. If you receive a message that starts out “Hi there,” or “Dear Sir,” it’s could be a scam. A company that does business with you will know your name.
Unknown links or attachments. When a suspicious email contains a link or attachment, never click on it. You could end up with a virus or worse.
Spelling and grammatical errors. Sometimes these errors are unintentional and the result of scammers not having editors as a large business would. However, other times they are intentional in order to trick consumers by changing one letter in a company web address.
Government refunds. Phishing emails claiming that you are eligible to receive a tax refund or other payment from the government are common. But as a matter of fact, the IRS does not even use email or text messages to communicate about tax refunds or payments.
Protect Your Information
Apart from being wary of phishing scams and thinking before you click, there are a few more things that you can do to avoid being a victim. Learn it all about our 6 basic cybersecurity tips or get a glimpse below. These steps don't even require much work:
Use a secure network, avoid free wifi.
Install reputable antivirus software and keep it up to date.
Update operating systems automatically.
Back up your data regularly.
Use strong passwords and multifactor authentication to protect your data and devices.
How to Report Phishing
It is important to report phishing emails when you receive them, instead of just ignoring them. Why? Because the information that you provide can help fight against cybercriminals and protect many potential victims. But how to do it?
If you received the message on your work email (or school email), report it to the IT department right away.
Forward scam emails to the Anti-phishing Working Group at firstname.lastname@example.org. Forward phishing text messages to SPAM(7726).
Report it to the FTC at ReportFraud.ftc.gov.
What to Do If You Have Been Phished
If you responded to a phishing scam and are concerned that you have compromised your personal information, take action immediately.
Immediately change the passwords on any accounts that are involved. Set a strong, unique password for each of your accounts.
Contact your bank or credit card company right away if you feel that your accounts are at risk.
Contact law enforcement if you have lost money or suspect you have been the victim of identity theft.
If you clicked on a suspicious link or ended up on a fraudulent website, run a virus scan on your computer right away.
Phishing is all too common these days, and chances are that you have received at least a few suspicious emails and texts yourself. Do your part and #BeCyberSafe by learning how to recognize phishing scams and reporting all phishing attacks to help bring down cyber scammers.