
Fight the Phish: How to Recognize (and Avoid) Phishing Attacks

Cybercriminals have become more clever than ever, so it's important to know how to avoid phishing scams and keep your information safe.

Scammers have become quite savvy in their attempts to take advantage of your personal information and/or your company's information. These attacks can be detrimental to companies and their systems and finances. That's why it's important to be able to recognize a scam to protect yourself and others.

So first things first: what is a phishing scam?

Phishing is a cyberattack that often uses emails, text messages or malicious sites (links) to gain access to the recipient's personal information or infect the device with malware or viruses. The attacks may attempt to steal your passwords, account numbers, bank information, social security number, etc. to gain access to personal and/or financial information.

According to the FBI, phishing was the most popular cybercrime in 2020.

Many phishing attacks come in the form of socially engineered emails: emails that look genuine, as if they're from a person or company you know and trust. They are often individually crafted and so sophisticated that they can evade detection by even advanced email filters. However, many phishing attempts have a few things in common that you can look out for to avoid falling for their traps.

How to detect a phishing attempt:

1. The message comes from a suspicious email, domain or link.

Most organizations will have their own email domain or company account. Is the sender an email address you've corresponded with before? Is something in the sender's address or domain misspelled? Some scammers also send links that either infect the computer upon download or send the recipient to a fake webpage.

Helpful Tip: Search your inbox to see if the email address is one you've corresponded with before. Does the domain match the company? You can also check if a link is legitimate by hovering your mouse over the link and seeing what pops up. If the link's site does not match the domain or sender, it could be a phishing attempt.

2. The email contains spelling and/or grammar mistakes.

You can often spot a scam by how poorly the message is written. Most brands and their employees use a spell-checking system. Think about it: how often do you look over an email and check for mistakes before you hit the "send" button? 

Helpful Tip: Look for grammatical mistakes. Sometimes scammers will use a spellcheck system, too, but the words will often be jumbled up.

3. The email demands urgent action.

Many phishing emails try to elicit emotion to rush you into taking action. These are especially effective when disguised as work emails. Criminals know we're likely to drop everything when our bosses email us with an important task. Watch out for emails that ask you to send any personal or financial information ASAP.

Helpful Tip: Check the email address to confirm it's the same one the sender typically uses. If you can, reach out to that person via another form of communication to confirm. If it's work-related, report the message to your IT department.

4. The email requests payment information, passwords or other credentials.

Any email that requests payment information, passwords and other login credentials should be treated with the utmost caution. Criminals may send a link to a website that looks legitimate, but redirect you to a fake login site. 

Helpful Tip: Many financial institutions will never ask for your information via email. Be cautious of links that ask for payments, claim there's a problem with your account or ask you to confirm personal information. You can always reach out to the company or previous correspondent to double-check.

5. You won! The email offers you some goodies.

Some scams will claim you won a big prize or offer you a coupon and ask you to click on a link to redeem it. If the sender is unfamiliar, the link looks suspicious when you hover over it or you did not initiate the contact, it's probably a phishing attempt.

Helpful Tip: Is the reward too good to be true? Did you previously sign up to win a prize? Check the email address first to see if the message came from the actual company. Then hover over any links or buttons to see if the link matches the company's website. If not, it's probably a scam.

Other Helpful Tips to Avoid Becoming a Victim:

  • If you're unsure about a message, the best thing to do is report it and don't open it. Contact your IT Department for steps moving forward.
  • Keep a clean device. Make sure all software is updated on all internet-connected devices.
  • Never reveal personal or financial information via email.
  • If you're unsure if an email is legitimate, try contacting the sender or company directly to verify the message.
  • Protect your accounts by using multi-factor authentication.
  • Use strong, unique passphrases rather than passwords.

Scammers may also attempt to reach you and obtain personal information through your cell phone. Check out our quick video about smishing below.
