Recognize and Report Phishing
Avoid phishing with these simple tips.
Don’t Take the Bait
Phishing occurs when criminals try to get us to open harmful links, emails or attachments that could request our personal information or infect our devices. Phishing messages or “bait” usually come in the form of an email, text, direct message on social media or phone call. These messages are often designed to look like they come from a trusted person or organization, to get us to respond.
The good news is we can avoid the phish hook and keep our accounts secure with these tips!
Recognize and Report Phishing (Audio Description)
Stay Safe with Three Simple Tips
Look for these common signs:
- Urgent or emotionally appealing language, especially messages that claim dire consequences for not responding immediately
- Requests to send personal and financial information
- Untrusted shortened URLs
- Incorrect email addresses or links, like amazan.com
A common sign used to be poor grammar or misspellings although in the era of artificial intelligence (AI) some emails will now have perfect grammar and spellings, so look out for the other signs.
If you suspect phishing, resist the temptation to click on links or attachments that seem too good to be true and may be trying to access your personal information. Instead, report the phish to protect yourself and others. Typically, you’ll find options to report near the person’s email address or username. You can also report via the “report spam” button in the toolbar or settings.
Delete the message. Don’t reply or click on any attachment or link, including any “unsubscribe” link. Just delete.
If a message looks suspicious, it's probably phishing.
However, if you think it could be real, don't click on any link or call any number in the message. Look up another way to contact the company or person directly:
- Go to the company's website and capture their contact information from the verified website. Search for the site in your web browser or type the address yourself if you’re sure you know it.
- Use another way to reach the person to confirm whether they contacted you. For example, if you get a strange message from your friend on Facebook, and you have their phone number, text or call them to ask if they sent the message.
Omar Got Phished and Now Knows How to Avoid Phishing
Omar is a busy professional who works long hours, regularly goes to the gym, and makes time for friends and family. Like many of us, he usually shops online.
One day, Omar received an email that looked like it came from an online order. The email said his payment didn’t go through, and he needed to log into his account to approve the payment method. The email inserted a shortcut link to a website that looked like the vendor’s and insisted he sign into his account immediately.
Because Omar was in a hurry, he didn’t realize that the email and website weren’t quite right. Omar should have noticed the email address was not from his vendor’s dot com domain and that the urgent messaging in the email was sent from a hacker using a login credential phishing attempt, where the hacker tricked Omar into revealing his login credentials.
Once Omar had logged into the fake site and approved the “purchase,” hackers were able to steal his password and credit card information. They made various purchases using Omar’s money.
Luckily, Omar was able to eventually recover most of his financial losses, although it took many hours on the phone with his bank and the retailer to figure it out.
Now, Omar pauses and thinks twice when he receives urgent messages requesting information. He knows what warning signs to look out for, like messaging requiring immediate response, and always types the retailer’s website directly into the URL instead of clicking a link in an email. Omar enjoys shopping online with less stress since he knows how to secure his world.
Other Ways We Can Protect Ourselves Online
Online criminals look for easy targets, like people who don’t take basic precautions. If we take the following steps, we won’t be as vulnerable to their deceptive tactics. It will be much harder to scam us or steal our information. Let’s start now.
We can all protect ourselves, our friends and our families from online threats. It’s fast. It’s easy.
Using strong passwords and a password manager are some easy ways to protect ourselves from someone logging into an account and stealing data or money.
Multifactor authentication means using more than a password to access an app or account. With MFA, we might be asked to enter a text code or use a fingerprint. It makes us much safer from someone accessing our accounts.
Don't delay software updates. Flaws in software can give criminals access to files or accounts. Programmers fix these flaws as soon as they can, but we must install updates for the latest protection!
Learn how to get involved and become a Cybersecurity Awareness Month partner!
Check out this blog post for more tips on avoiding phishing and other forms of malicious online activity.