What Is Phishing?

Ryan Bennion

You’ve heard the term, and you know it’s bad, but what does “phishing” really mean?

Phishing is a form of fraud whereby a cyberattacker seeks to obtain your sensitive information. It most commonly occurs via emails that appear to be from a legitimate organization (often a financial institution) but actually contain a link to a fake website that replicates the real one and attempts to steal your login credentials. Phishers may also operate through other methods such as fraudulent phone calls pretending to offer computer help.

What Phishing Scams Do

Phishers try to compromise your cybersecurity to gain access to your personal information — like your bank account, which they may use to withdraw money, make purchases, or open new bank or credit card accounts in your name. In addition to financial information, phishers may seek to learn your usernames and passwords, social security number, and other sensitive information that could breach your personal and home security.

Phishers may also install viruses and worms on a victim’s computer to disseminate their fraudulent emails to even more people.

How to Detect Phishing

Phishing emails can usually be identified by a few key indicators. Carefully examine emails you receive from people or organizations you don’t know, as well as emails from organizations that house or require your personal information. Here are seven things that may indicate an email is a phishing scam.

  1. Omission of your name. Look for generic phrases like “Dear Friend.”
  2. Unprofessional spelling and/or grammar.
  3. Threats stating that your security has been compromised or that you need to take action immediately.
  4. Requests for personal information, such as login credentials, passwords, or credit card details.
  5. Fantastic claims, like unlikely inheritances or get-rich-quick schemes promising high-interest returns.
  6. Misleading hyperlinks to unsecure sites. Websites that begin with “http” rather than “https” (the “s” stands for “secure”) shouldn’t be trusted.
  7. Requests for money or donations.

How to Protect Yourself from Phishing

Email awareness aside, there are other things you can do to protect yourself from phishing scams.

  1. Keep your computer and network security up-to-date.

Always make sure you have the latest version of your antivirus software installed — don’t just click “remind me later” every time your computer shows that it needs updating. Keep your firewall enabled and your operating system up-to-date.

  2. Think before you click.

If you don’t know what you’re clicking, don’t click. Hover your mouse over a link to see its destination — if it looks suspicious or unfamiliar, avoid it. Similarly, if you receive an email claiming to be from your bank, don’t use links contained in the email to navigate to it — go straight to your bank’s website instead.

  3. Verify the authenticity of suspicious emails.

If you aren’t certain whether an email is from the company or institution it claims to be, call the real one to find out. Your bank would rather answer your calls than have you fall victim to a phishing scam.

  4. Keep your router secure.

Setting a unique password for your router stops phishers from hijacking it by using the default password. Old routers are especially vulnerable to attacks, as they often came with generic sign-in credentials like “admin” and “password.” To maximize your network security, you should also turn off SSID broadcasting (so people won’t see your wireless network name), disable guest networks and remote access, update the firmware, and get a network monitoring app such as Fing.

  5. Be wary of suspicious phone calls.

Phishers may catch you off guard by calling you and posing as someone legitimate from your bank. Never divulge any personal information over the phone to unverified callers.

What to Do if You Are the Victim of a Phishing Scam

If you become aware of a phishing scam that targets your home or network security, you can contact the Federal Trade Commission to report it. You can also forward any scam emails you receive to reportphishing@apwg.org. APWG seeks to unify the global response to cybercrime through data exchange, research, and public awareness.

If you’ve become the victim of a phishing scam, immediately change the usernames and passwords for any compromised accounts. You will also want to contact your credit agencies and other accounts to let them know you have been the victim of fraud.
