Scammers use email or text messages to trick you into giving them your personal information. They may try to steal your passwords, account numbers, or Social Security numbers. If they get this information, they could gain access to your email, banking information, or other important accounts. Scammers launch thousands of phishing attacks every day, many of which are successful. The FBI’s Internet Crime Complaint Center reported, “$57 million are lost to phishing schemes annually.”
Scammers often update their tactics, but there are signs that will help you recognize a phishing email or text message.
Phishing emails and text messages may look like they’re from a company you know or trust.
They may look like they’re from a bank, a credit card company, a social networking site, an online payment website or app, or an online store. Some phishing emails may even use the name of a coworker, boss, or friend to trick you into trusting the content of the email.
Phishing emails and text messages often tell a story to trick you into clicking on a link or opening an attachment.
- say they’ve noticed some suspicious activity or log-in attempts on your account,
- claim there’s a problem with your account or your payment information,
- say you must confirm some personal information to continue using their service,
- include a fake invoice,
- want you to click on a link to make a payment,
- say you’re eligible to register for a government refund,
- or offer a coupon for free items.
Here’s a real world example of a phishing email.
Imagine you saw this in your inbox. Do you see any signs that it’s a scam? Let’s take a look.
- The email looks like it’s from a company you may know and trust: Netflix. It even uses a Netflix logo and header.
- The email says your account is on hold because of a billing problem.
- The email has a generic greeting, “Hi Dear.” If you have an account with the business, it probably wouldn’t use a generic greeting like this.
- The email invites you to click on a link to update your payment details.
While, at a glance, this email might look real, it’s not. The scammers who send emails like this are not affiliated with with the company they are pretending to send from. Once you’ve clicked the link to update the account informations, these scammers likely have gained access to personal information, which can be both damaging to you and the reputation of the companies they’re spoofing.
How To Protect Yourself From Phishing Attacks
Your email spam filters may keep many phishing emails out of your inbox, but scammers are always trying to outsmart spam filters. It’s a good idea to add extra layers of protection. Here are four steps you can take today to protect yourself from phishing attacks.
Four Steps To Protect Yourself From Phishing:
- Protect your computer by using security software. Set the software to update automatically so it can manage any new security threats. Leaving your security software un-updated may leave gaps in your computer’s security!
- Protect your mobile phone by setting software to update automatically. These updates could give you critical protection against security threats.
- Protect your accounts by using multi-factor authentication. Some accounts offer extra security by requiring two or more credentials to log into your account. This is called multi-factor authentication. The additional credentials you need to log into your account fall into two categories:
- Something you have — like a passcode you get via text message or an authentication app.
- Something you are — like a scan of your fingerprint, your retina, or your face.
- Multi-factor authentication makes it harder for scammers to log into your accounts if they do steal your username and password.
- Protect your data by backing it up. Back up your data and make sure those backups aren’t connected to your home network. You can copy your computer files to an external hard drive or cloud storage. Back up the data on your phone, too.
What To Do if You Suspect a Phishing Attack
If you get an email or a text message that asks you to click on a link or open an attachment, answer this question: Do I have an account with this company or know the person who contacted me?
If the answer is “No,” it could be a phishing scam. Look for signs of a phishing scam and if you see any signs, report the message and then delete it.
If the answer is “Yes,” contact the company using a phone number or website you know is real. Do not contact the company using the information in the email. Attachments and links can install harmful malware.
What To Do if You Responded to a Phishing Email
If you think a scammer has your information, like your Social Security, credit card, or bank account number, go to IdentityTheft.gov. This federally-funded site will give you specific steps to take based on the information you lost.
If you think you clicked on a link or opened an attachment that downloaded harmful software, update your computer’s security software, then run a scan.
How To Report Phishing
If you received a phishing email or text message, report it. The information you give can help fight scammers.
Step 1. If you received a phishing email, forward it to the Anti-Phishing Working Group at email@example.com. If you received a phishing text message, forward it to SPAM (7726).
Step 2. Report the phishing attack to the FTC at ReportFraud.ftc.gov.
Recommended Tools for Responding to and Reporting Phishing
There is no better defense against phishing attacks than user awareness and training. At AZ, our employees work through a monthly security awareness training program, which includes quick training videos designed to help you quickly identify most scams and phishing attempts. Employing an employee security awareness program will help you reduce your business’s vulnerability to scams and will also help you identify which employees need the most training.
Click the button below to learn more about Security Awareness Training and how you can protect your business from Phishing attacks.
This article was written by Robert Culpon, CIO and Shareholder in our Technology Services office.