Recently cybercriminals have begun to use legitimate programs in order to scam consumers and steal their information.
These scammers use emails or text messages to trick you into giving them your personal information. They may try to steal your passwords, account numbers, or Social Security numbers. If they get that information, they could gain access to your email, bank, or other important accounts.
Thousands of phishing attacks are launched every day and they are often very successful. In fact, the FBI’s Internet Crime Complaint Center reported that people lost $57 million to phishing schemes in one year.
What is phishing?
Phishing is a type of online scam that targets consumers by sending them an e-mail that appears to be from a well-known source – an internet service provider, a bank, or a mortgage company, for example – and asking them to provide personal identifying information.
The scammer then uses that information to open new accounts, or invade existing accounts. There are several tips that consumers can follow to avoid phishing scams, such as not responding to e-mails or pop-up messages that ask for personal or financial information.
Scammers often update their tactics, but there are some signs that will help you recognize a phishing scam.
How to recognize and avoid phishing scams
This list of common features of phishing emails from phishing.org can help you identify and avoid phishing scams:
- Too Good To Be True – Lucrative offers and eye-catching or attention-grabbing statements are designed to attract people’s attention immediately. For instance, many claim that you have won an iPhone, a lottery, or some other lavish prize. Just don’t click on any suspicious emails. Remember that if it seems too good to be true, it probably is!
- Sense of Urgency – A favorite tactic amongst cybercriminals is to ask you to act fast because the super deals are only for a limited time. Some of them will even tell you that you have only a few minutes to respond. When you come across these kinds of emails, it’s best to just ignore them. Sometimes, they will tell you that your account will be suspended unless you update your personal details immediately. Most reliable organizations give ample time before they terminate an account and they never ask patrons to update personal details over the Internet. When in doubt, visit the source directly rather than clicking a link in an email.
- Hyperlinks – A link may not be all it appears to be. Hovering over a link shows you the actual URL where you will be directed upon clicking on it. It could be completely different or it could be a popular website with a misspelling, for instance www.bankofarnerica.com – the ‘m’ is actually an ‘r’ and an ‘n’, so look carefully.
- Attachments – If you see an attachment in an email you weren’t expecting or that doesn’t make sense, don’t open it! They often contain payloads like ransomware or other viruses. The only file type that is always safe to click on is a .txt file.
- Unusual Sender – Whether it looks like it’s from someone you don’t know or someone you do know, if anything seems out of the ordinary, unexpected, out of character or just suspicious in general, don’t click on it!
Check the URL.
Phishing emails will try to trick you by looking like they’re coming from a trusted source. Always check the sender’s email address, not just the display name, as well as the website URL.
Secure websites will begin with “https” and have a padlock in the address bar next to the URL.
Check for the site’s security certificate as well. If you get a message stating a certain website may contain malicious files, do not open the website. Never download files from suspicious emails or websites. Even search engines may show certain links which may lead users to a phishing webpage which offers low cost products. If the user makes purchases at such a website, the credit card details will be accessed by cybercriminals.
Think before you click.
The motivation behind phishing messages is to get you to open an attachment or click on a link.
Phishing emails may claim to be from a legitimate company and when you click the link to the website, it may look exactly like the real website. The email may ask you to fill in the information but the email may not contain your name. Most phishing emails will start with “Dear Customer” so you should be alert when you come across these emails. When in doubt, go directly to the source rather than clicking a potentially dangerous link.
Before you click on a link in an email, hover over it with your cursor to see what URL it points to. Does it lead where it is supposed to lead?
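The two link checks described above (spotting a lookalike spelling such as www.bankofarnerica.com, and comparing what a link shows with where it really leads) can be automated for an HTML message body. This is an added example, not part of the original article; the allow-list `TRUSTED`, the confusable pairs and the sample message are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"bankofamerica.com"}  # assumed allow-list of domains you really use
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))  # read alike
SAMPLE = ('<p>Dear Customer, verify at <a href="https://www.bankofarnerica.com/'
          'login">www.bankofamerica.com</a></p>')  # constructed message body

def host_of(value):
    """Host of a URL or bare domain, minus a leading 'www.' ('' if unparsable)."""
    try:
        host = urlsplit(value if "//" in value else "//" + value).hostname or ""
    except ValueError:  # malformed brackets and similar
        return ""
    return host.removeprefix("www.")

def skeleton(host):
    """Collapse confusable sequences so lookalike hosts compare equal."""
    for fake, real in CONFUSABLES:
        host = host.replace(fake, real)
    return host

class LinkCollector(HTMLParser):  # gathers (href, visible text) per <a> element
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = (dict(attrs).get("href") or "").strip(), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def audit_links(html_body):
    """Return (href, reason) for each link that deserves a second look."""
    parser = LinkCollector()
    parser.feed(html_body)
    findings, known = [], {skeleton(t): t for t in TRUSTED}
    for href, text in parser.links:
        target = host_of(href)
        shown = host_of(text) if "." in text and " " not in text else ""
        if shown and shown != target:
            findings.append((href, f"text shows {shown}, link goes to {target}"))
        if target not in TRUSTED and skeleton(target) in known:
            findings.append((href, f"lookalike of {known[skeleton(target)]}"))
    return findings
```

Calling `audit_links(SAMPLE)` reports the sample link twice: once because the visible text and the real destination differ, and once because the destination collapses to a trusted name when "rn" is read as "m".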
Use common sense.
If someone at your work sends you an email telling you they need something urgently, like money or information, call that person to make sure they really sent that email.
Most of the time, if someone needs something urgently, they will call you instead of sending you an email.
For example, a bank will not ask for personal information via email or suspend your account if you do not update your personal details within a certain period of time.
Most banks also provide an account number or other personal details within the email, which proves it is coming from a reliable source.
Stay updated on the new ways scammers are operating.
New phishing scams are being developed all the time. Without staying on top of these new phishing techniques, you could inadvertently fall prey to one.
By finding out about them as early as possible, you and your organization will be at much lower risk of falling victim to new phishing techniques.
Ongoing security awareness training and simulated phishing for all users are highly recommended to keep security top of mind throughout the organization.
In the interest of protecting our clients and their information, every Brown & Joseph employee is required to take monthly cyber security awareness training from KnowBe4. This training includes identifying potential phishing emails and cyber security best practices.