No One is Immune from Phishing Attacks

What Are Phishing Emails?

In a phishing attack, cybercriminals use deceptive emails to “fish” for information by purporting to be from a reputable source. The goal of phishing is to trick people into revealing sensitive information such as account information, login credentials, or other sensitive data. Alternatively, they may install malware on your computer that may compromise your computer and files.

Phishing emails use a variety of tactics to steal your information:

• Malicious attachments – the email urges you to open an attachment that contains malware.

• Bogus web links – you’re asked to click on a link that takes you to a fake duplicate website or to a site infected with malware.

• Fraudulent data-entry forms – you’re prompted to fill in sensitive information like user IDs, passwords, credit card data, and phone numbers.

​

What Do Phishing Emails Look Like?

​

​

Phishing emails and text messages look like they’re coming from a company you know or trust. For example from a bank, a credit card company, a service provider, an online payment website, or an online store.

​

Phishing emails and text messages often tell a story to trick you into clicking on a link or opening an attachment. They may

• say they’ve noticed some suspicious activity or log-in attempts

• claim there’s a problem with your account or your payment information

• say you must confirm some personal information

• include a fake invoice

• want you to click on a link to make a payment

• say you’re eligible to register for a government refund

• offer a coupon for free stuff

​

How to Spot a Phishing Email.

​

If the email has improper spelling or grammar - this is a common sign that an email isn’t legitimate. Sometimes, the mistake is easy to spot, such as ‘Dear Amazon Costumer’ instead of ‘Dear Amazon Customer.’

 

The hyperlinked URL is different from the one shown - The hypertext link in a phishing email may include, the name of a legitimate company, but when you hover the mouse over the link (without clicking it), look in the small pop-up window to see if the actual URL differs from the one displayed. You can also hover your mouse over the address in the ‘from’ field to see if the domain matches the name that the email was supposed to have been sent from.

 

Be wary of requests for personal information – never send account numbers, PINs, or login credentials through email, even if the request sounds urgent. Avoid emails that say you’ve won a contest you haven’t entered -a common phishing scam is to send an email informing recipient they’ve won a prize. All they need to do is click the link and enter their personal information online.

​

Be careful of emails asking for a donation - scam artists often send out phishing emails inviting recipients to donate to a worthy cause after a tragedy. For example, after Hurricane Katrina, the American Red Cross reported more than 15 fraudulent websites were designed to look like legitimate Red Cross appeals for relief efforts.

​

Tips

​

1. Legitimate businesses will not send you an email to ask for your login information or sensitive personal information.

2. Think before you click – Don’t automatically trust any email message, especially if it elicits fear, angst or too good to be true. Remember that familiar logos, senders’ names, and personal information are often faked by scammers.

3. Verify attachments before opening or downloading – even if an email seems to come from a company or person you trust, don’t open an unexpected attachment.

4. Don't click links in email messages from people you don't know, in fact, it’s not a good idea to blindly click links in emails from people you do know. Many times, someone you know has had their email hacked and clicking a link could take you to a fraud site. This is especially true if the email takes you to a login page.

5. Look for inconsistent or out of the ordinary text size, fonts, colors, button sizes, etc.