Life in the Internet age has a lot of perks—we can easily stay in touch with faraway friends and family, pay our bills without paper, conduct business and even buy new products! But when you’re online, you can sometimes leave your personal information vulnerable to fraudsters looking to steal your money, identity or both.
One of the most common ways cybercriminals attempt to get this valuable information from you is through phishing. Phishing involves using fraudulent emails and copycat websites to trick you into revealing information such as bank account numbers, credit accounts, your Social Security Number, login IDs and passwords.
Cybercriminals will often use phishing email messages, websites and phone calls to trick you into installing malicious software or handing over your information under false pretenses. Downloaded malware can do things like track your keystrokes to nab your personal and account information and passwords. Phishers may employ a number of tactics to steal your information:
- Names of real companies. Many phishers use legitimate company names and copy the look of official websites to fool you.
- “From” an employee. Some make the email appear to come from an actual employee of the company, so that if you checked whether the person writing to you is an employee, the message would appear legitimate. Be wary of unprompted emails from a “company employee” looking for information.
- Official-looking URLs. Sometimes the URL will look right but in reality will lead you to a copycat website. Check whether the URL begins with https:// to see if it’s a secure site. Most phishing scams won’t have a secure website. Never click on a URL within an email; instead, type the official URL into your browser.
- Threats and urgent messages. Many try to use fear to obtain information by threatening something like deletion of your account if you don’t respond.
Luckily, you can take steps to protect yourself from phishers:
- Call and verify. If you have reason to believe something is amiss, call the company to verify. Be sure not to use a number provided in the suspicious email.
- Look for bad spelling. Large companies and organizations use professional writers and editors. Phishing emails have stilted or incorrect grammar or misspellings. Legitimate emails generally wouldn’t contain spelling and grammar errors. Keep an eye out for uncharacteristic grammar and spelling mistakes.
- Beware of links. If you’re suspicious of an email, don’t click on any links. Links can sometimes bring you to fraudulent websites or to .exe files that can download malicious software. Hover your mouse over the link and see if the address that appears matches the link typed in the message. If it doesn’t match, don’t click on the link. If it does match, try searching for the page through the company’s website.
- Read your statements. Taking a close look at your monthly financial statements can help you to detect fraudulent transactions if your identity has been stolen.
- Increase your security. If you engage in online financial transactions, updated personal firewalls and security software installed on your computer are essential to keeping your information safe.
- Use a different computer. If fraudulent transactions make you suspect your account is compromised and you didn’t give out your information, use a different computer to change your passwords. Your computer may have a virus or Trojan installed. (A Trojan is a malicious program disguised as a helpful function that provides unauthorized access to your computer when downloaded.)
- Stay informed. Keep current on news of phishing attacks to protect yourself. Anti-phishing organizations, such as the Anti-Phishing Working Group, provide lists of new and current phishing scams.