Phishing scams are one of the fastest growing Internet crimes. Cyber criminals use phishing messages to steal personal information such as usernames and passwords, social security numbers, or credit card numbers. They are also used to install malware on people’s systems. In a typical scam, the cyber criminal sends an email, SMS, or voice message with the intent to impersonate a person or business you know or trust. They want to instill a sense of urgency to provoke an immediate reaction or they may threaten consequences if you fail to respond. They don’t want you to think, they want you to click.
Typical phishing messages ask you to directly reply with sensitive information or have you click a link taking you to a website to collect that sensitive information. The site will usually collect username and password as well as other data like birthdate, employee ID number and Social Security Number. Or, sometimes, the site will install malware on your computer or device that grabs all data you enter into your device.
How Can You Avoid Getting Hooked?
- Patch your system and use anti-virus software. Anti-virus software and web browsers periodically offer updates, which contain security patches, so these items need to be updated regularly. Also, make sure your operating system and applications are up to date.
- Enable Phishing Filters or Safe Browsing Filters. These filters are built into your web browsers like Chrome and Firefox. You can do a basic web search for “browser name” safe browsing to find instructions on how to turn these on. You can also check your system using this tool by Qualys https://browsercheck.qualys.com/
- Never email sensitive information. Email is not a secure method for transmitting or saving sensitive information such as passwords, financial information, social security numbers et cetera.
- Limit your web browsing to well-known and trusted websites and use encryption. Use SSL encryption (https://) for web browsing when possible. If you initiate a transaction, look for SSL encryption as well as indicators that the site is secure for transmissions, such as the padlock symbol.
- Check bank and credit card statements regularly. Watch for any unauthorized charges and report them immediately.
- Be suspicious of email. Beware of email requiring immediate attention and demanding personal information or account information. Other suspicious indicators include spelling/grammatical mistakes, an overall generic tone, and an ambiguous website link.
- Do not click on direct links. Avoid clicking on direct links provided in an email. If you get an email from a known source, such as your bank or a store, then type their web address directly into your browser.
- Verify your URLs. You can always hover with your mouse to see where a link is really taking you. If you are unsure of the exact destination site and have been directed to a site that appears unfamiliar to you, use a search engine to look up the company.
- Do not open attachments from unknown sources. Attachments can contain viruses that allow cyber attackers to gain control of your computer system. If they gain access to your email directory or social media networks they can send malicious emails on your behalf.
- Be cautious when using a public space. If you are using a public computer, never save items to the machine, clear your cookies and cache, and sign off before you leave. Also, if you are in a public space using Wi-Fi, limit the amount of personal information you view.
- If it seems too good to be true, it is probably an attack.
Help report phishing! Open a new email message and address it to firstname.lastname@example.org. Drag and drop the phishing email from your inbox into this new email message as an attachment. If you are unable to attach the item in this manner, forward the original message to email@example.com. You will need to paste the header information into this message. Learn more about internet headers.