If you've ever gotten an email from a prince overseas who just happens to have a large fortune that he very urgently wants to deposit in your account (just as soon as you send him your banking details, that is), then you know what a phishing scam is. These days, such obviously fake emails have mostly gone by the wayside. Today’s phishing scams are much sneakier than their predecessors.
Phishing is a type of cybercrime that uses some form of deception to either get people to share their sensitive information or get them to click on links or attachments that infect their computers with malicious software (malware) like viruses, worms, ransomware and adware. It's aptly named too. Pronounced “fishing,” phishing got its name because criminals “fish” for sensitive information using lures like emails and messages.
Phishing scammers still utilize emails, but they also design look-alike websites where they hope you'll try to log in so they can steal your account credentials. They’ll often send their victims emails, texts or other direct messages with links to these phishing sites. They even use social media for fake brand promotions, writing spammy comments containing phishing links to impersonate customer support representatives for major brands.
5 Ways You Can Recognize Phishing Scams
- Promises of fortune or prizes: If you won an expensive prize or you're promised large amounts of money, assume that it's too good to be true, especially if you don't recognize the sender and there's a link in the body of the email or message.
- Urgent or threatening notices: You're told that your immediate response is critical or you'll lose your account access, tax return, package delivery or ability to claim that new iPad. Reputable companies won't give you such narrow time limits and chances are pretty high that you haven't won a prize. If you’re really worried that a notice from your bank or the IRS is, in fact, legitimate, don’t click any links in the message. Instead, type the URL into your web browser to go straight to the website in question or, better yet, call them on their officially listed phone number.
- No personal greeting: If the email uses “Dear Customer” or some other general greeting and your name is nowhere to be found, be very suspicious. Trustworthy companies will typically use your name and possibly other identifying facts.
- Misspelled words and/or bad grammar and punctuation: This is a clear clue that the message is spam. Legitimate companies take the time to make sure their communications are well written (and proofread).
- Incorrect or redirected URLs: If there are links in the message, hover over them to see where they lead (but don't click). Often, these are misspelled or clearly don't direct to the website of the company the message claims to represent.
How to Protect Yourself
- Never click on links in an email. Instead, type the link in your browser yourself.
- Don't open attachments from senders you don't recognize or that seem suspicious. This can trigger a malware installation onto your computer.
- If you get a suspicious message from someone you know and trust, send the person a NEW message (don't reply) or call them and ask about it.
- Use two-factor authentication everywhere you can. This protects your accounts in the event that someone accesses your passwords.
- Don't post personal data online—it could be used against you.
Some of today’s advanced antivirus programs include real-time anti-phishing protection that can detect and prevent phishing attacks. Be sure to look for anti-phishing capabilities when selecting an antivirus product. In the meantime, watch free learning videos from Webroot, the Smarter Cybersecurity® experts, to help you stay secure and cyber-savvy.
October is National Cyber Security Awareness Month—an opportunity to further commit to practicing safe online habits and recognize that we each play a role in keeping our families, our communities and our country protected from cyber threats. Help spread the word by sharing this article with the hashtag #CyberAware on social media. Together we can make the Internet safer and more secure for everyone.
Also of Interest