There are an estimated 2,200 cyberattacks every day in the United States. Both businesses and consumers are targeted by identity thieves.
One common type of attack run by cybercriminals is a phishing scam. Like many cyberattacks, this scam relies less on exploiting code than on manipulating human behavior (what’s known in cybersecurity circles as “social engineering”). The good news is, when you keep the telltale signs of phishing in mind, you can steer clear of this type of attack. Read on to learn seven ways to recognize a phishing scam.
What is Phishing?
Phishing is a type of scam that usually takes place over email, social media, or text message. The scammer impersonates someone trustworthy—for example, a customer service representative at a bank or an executive at your company—and asks you to take action by clicking a link. The link may trigger a download of malware onto your device, or it may ask you to enter sensitive information such as a credit card number or account password.
How to Avoid Being a Phishing Victim
Here are some top tips to recognize an email phishing scam:
- Check the sender's email address: Phishing emails often use email addresses that look very similar to the real ones, but have slight variations. For example, instead of "support@mybank.com", a phishing email might use "support@mybank-info.com". Always double-check the email address of the sender to make sure it's legitimate.
- Watch out for urgent requests: Phishing emails often create a sense of urgency, such as claiming that your account will be closed if you don't act immediately. Be wary of emails that pressure you to take immediate action without giving you time to think.
- Look for spelling and grammar errors: Phishing emails often contain spelling and grammar errors. Legitimate companies usually take the time to proofread their emails before sending them out.
- Don't click on suspicious links: Phishing emails often contain links that take you to fake websites that look very similar to the real ones. Always hover your mouse over the link to see the URL before clicking on it, and make sure it's legitimate.
- Check the salutation: Phishing emails often use generic salutations like "Dear Customer" instead of addressing you by name. Legitimate companies usually use your name in their emails.
- Check for attachments: Phishing emails often include attachments that carry malware or viruses. Be wary of attachments from unknown senders, and never download attachments unless you're sure they're legitimate.
- Be wary of offers that sound too good to be true: Phishing emails often make offers that sound too good to be true, such as promising you a large sum of money for very little effort. Be skeptical of any email that makes unrealistic promises.
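The sender, urgency, salutation and link checks from the list above can also be automated. The sketch below is an added example, not part of the original article: the sample message is constructed, and the function names and the mybank.example.net host are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message, not a real email. mybank.com and mybank-info.com
# are the article's example domains; everything else is made up.
SAMPLE = """\
From: MyBank Support <support@mybank-info.com>
Subject: Urgent: your account will be closed
Content-Type: text/html

<p>Dear Customer,</p>
<p>Act immediately: <a href="http://mybank.example.net/login">https://www.mybank.com/login</a></p>
"""

class HrefCollector(HTMLParser):
    """Collect the real target of every link (what hovering reveals)."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)

def in_domain(host, trusted):
    """True only for the trusted domain itself or one of its subdomains."""
    host = (host or "").lower()
    return host == trusted or host.endswith("." + trusted)

def phishing_signs(raw, trusted):
    msg = message_from_string(raw)
    body = msg.get_payload()
    signs = []
    # Sender check: a look-alike such as mybank-info.com is not mybank.com.
    sender_domain = parseaddr(msg["From"])[1].rpartition("@")[2]
    if not in_domain(sender_domain, trusted):
        signs.append("sender:" + sender_domain)
    if re.search(r"\b(urgent|immediately)\b", f"{msg['Subject']} {body}", re.I):
        signs.append("urgency")
    if re.search(r"\bdear (customer|user)\b", body, re.I):
        signs.append("generic salutation")
    # Link check: judge the href, not the text displayed for the link.
    collector = HrefCollector()
    collector.feed(body)
    hosts = [urlparse(h).hostname for h in collector.hrefs]
    signs += ["link:" + str(h) for h in hosts if not in_domain(h, trusted)]
    return signs
```

Calling `phishing_signs(SAMPLE, "mybank.com")` flags the look-alike sender, the urgent wording, the generic greeting, and the link whose visible text shows the bank's address while its target points elsewhere.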
I’ve Been Phished! What Should I Do?
If you think you’ve been the victim of a phishing attack, the first thing you should do is change your password for the affected account immediately. If you use the same password for other accounts, you should change those as well. Make sure your new password is strong and unique. You should also report the phishing attempt to the service provider of the account that was compromised. They may be able to help you regain access to your account or take steps to secure it. You could also report phishing emails to federal organizations such as the FBI's Internet Crime Complaint Center (IC3) or the FTC's Report Fraud website.
These tips are sourced from the blog of Hawaiian Telcom, an altafiber subsidiary: Phishing Attacks are on the Rise.