National Cyber Security Awareness Month is observed in October in the U.S. So it’s only appropriate to focus on ways to protect yourself from a major and common cyber threat – phishing.
Phishing is a type of scam in which criminals attempt to fool victims into revealing their sensitive personal or financial information, such as passwords, credit card details, bank account information, or Social Security numbers. Phishing scams are commonly carried out through email or text messaging, but you should be on the lookout for suspicious phone calls and web pages too. The truth is, there are many different phishing techniques used to lure in unsuspecting victims. Here’s a look at some of the most common types:
– With basic phishing techniques, a bogus email is sent to a large number of users with the intent of snaring at least a few of them.
Spear phishing – This is a type of phishing that targets a specific organization or person. Spear phishing relies on the scammer gathering information about their target via the internet (for example, the names of relatives or co-workers), and then using those details to craft a realistic-looking email that’s intended to extort money or sensitive information.
Whaling – This is a more specialized form of spear phishing. With a whaling attack, the intended victims are usually high-ranking employees or executives within a business or government organization, who have access to financial data and assets. These types of attacks are currently on the rise.
Search engine phishing – This type of phishing scam involves the creation of fake websites. The website usually contains offers that are “too good to be true”, like free giveaways, deep discounts, or job offers. Unknowing victims come across these fake websites while doing an online search, and once they’re on the fake site, they can be tricked into entering sensitive personal or financial information. If you come across one of these sites you should report it to Google so they can remove it from future search results.
Smishing – Smishing is a humorous-sounding nickname for “SMS phishing”; in other words – phishing scams that are carried out via text messaging (SMS stands for “Short Message Service”, the technology used for text messages on mobile phones).
– In this type of scam, fraudsters contact victims by phone and claim to be from a reputable company or organization. Oftentimes, they’ll claim to be a bank or government employee. Despite who they pose as, the end game is the same – they try to fool their victims into giving out their financial details and personal information. You should be wary of any caller who asks for sensitive information over the phone.
While phishing crimes claim thousands of victims every year, there are ways to protect yourself. Several tell-tale signs can alert you to this type of scam. Here are some tips to help you spot a phishing attempt:
- Be wary if you receive an email with grammatical, spelling, and/or punctuation errors. It’s common for phishing emails to contain this type of bad grammar, because many phishing attacks are carried out by foreign criminals who have a poor grasp of the English language.
- Threats and demands for urgency are red flags. For instance, the scammer might pose as an IRS representative and warn you that if you don’t respond to their phone call or email immediately, you could face jail time or legal action. It’s important to keep in mind that the IRS will never threaten you, demand immediate payment or speak to you in a hostile or insulting manner. Nor will they ask for your credit card number or bank account information over the phone or through an email. If the IRS needs to get in touch with you, their first method of contact is typically via postal mail.
- If you get an email from an unknown source that contains attachments you are instructed to open: ignore those instructions! The attachments could be malicious software that could damage or disable your computer system. You should never open attachments in an email if you don’t know the sender. And even if you do know the sender, you should still think twice about opening any attachments you’re not expecting. It’s possible for criminals to “spoof” the Sender details of an email, making it look like it was sent from someone you know.
- If you receive an email that contains suspicious links, be wary until you have investigated them a bit. You can do this by hovering over the link to see where it actually leads. If the URL doesn’t contain “https”, that’s an indicator that the website it leads to is not secure. You should never enter any personal information on an unsecure web page. Also, if the link address looks different in the email than it does when you hover over it, it could indicate that the sender is trying to fool you. For example, if the email contains linked text that reads, https://www.irs.gov, but when you hover over the link with your mouse it shows a different address like http://spidmo.net/188789878, you should be highly suspicious.
- You receive an email sent from a legitimate person or organization, but it just doesn’t have the same look or feel as emails you usually receive from that sender. Email spoofing allows scammers to send emails that appear to be from legitimate sources, so use your instincts to weed out these phony messages.
If you suspect you’ve been targeted by a phishing scam, you should immediately report it to the Federal Trade Commission. Phishing emails and text messages can be forwarded to email@example.com. You can also file a complaint at ftc.gov/complaint. You should also report the scam to the person or organization that was impersonated in the email or text.
If you fear that you’ve already fallen victim to a phishing scam, and have provided your personal or financial information, you should contact your financial institution immediately, and visit https://www.identitytheft.gov/ to report and recover from potential identity theft.