Scams are nothing new. There have always been criminals who try to trick people into giving them money or information. However, in today’s technology-driven world, criminals have become more advanced in how they attempt to trick people or steal information. Phishing has become one of the main ways that criminals try to gain access to other’s information. What is phishing? Phishing is when criminals use fake emails, social media posts, or direct messages to get you to click on a link or open a file. In these cases, the links or files give the criminals access to your personal information and/or install malware on your device. Fortunately, it is easy to avoid a phishing message if you know what to look for. With just a little information, you can protect your data.
Email Phishing is the most prevalent type of phishing attack. Many times, the email will look legitimate with only minor changes. In this case, it is important to be familiar with the people you correspond with and the companies that you do business with. Most phishing emails will prey on fear or a sense of urgency; for example, you might get an email that says your information has been compromised and you need to click on the provided link in order to change your password. Every time you open an email, remember that phishing messages have these goals:
• Cause the user to click a link that downloads malicious software on your device
• Cause the user to download and open an infected file
• Cause the user to click a link that takes them to a fake website and prompts them to submit personal information
• Cause the user to reply to the fake email and supply personal information
There are other ways to spot a phishing email. Read every email with a critical eye with these questions in mind: Does it contain an offer that is too good to be true? Does it have a sense of urgency or a threat? Are there misspellings or poor grammar? Does it include requests for personal information? Does the sender’s email address match the company it is supposedly coming from (e.g., amizon.com vs amazon.com).
Now that you know what to look for, what should you do when you get a phishing email? First and foremost, do not click on any links or reply to the message! The simplest thing to do is just click Delete. You can take it a step further by blocking the sending email address from your email software. Some email platforms let you report phishing attempts. If so, it is best to report it quickly. If you receive a phishing attempt in your work email, it is important that you notify your IT department immediately. The sooner that you do, the sooner that they can act to ensure that your data, as well as the company’s information, remains secure.