How to Recognize and Avoid Phishing Scams
You need to be careful in today’s world to protect yourself and your business from phishing scams, which use email or text messages to get you or your employees to provide sensitive information.
How Can I Recognize a Phishing Email or Text?
Scammers will attempt to use email or text messages to trick others into giving them private information. They may try to get account numbers, credit cards, passwords, social security numbers, or sensitive client data. Every day, scammers launch thousands of phishing attacks, and unfortunately their scams work. According to the FBI’s Internet Crime Complaint Center, reported complaints in one year currently amount to around $57 million in losses!
Unfortunately, these scammers are developing new tactics all the time, but there are some characteristics these phishing emails and texts have in common that you and your employees should know about.
Quite often, phishing emails and text messages will appear to be from companies you know, trust, and may even do business with. Some of the most common phishing ploys appear to come from online payment websites, online stores, banks, credit unions, and social networking sites.
Phishing emails and text messages frequently have a message where the intent is to trick you or your employee into opening an attachment or clicking a link. Some common ploys are…
- Your account has had multiple login attempts or suspicious activity
- You need to confirm personal information
- There is a problem with your payment information
- You need to pay a bill with a link for easy payment
- Here is your current invoice (which is fake) via attachment
- You are being offered free stuff
- You are eligible to get a government refund or subsidy
Here’s an actual example of a phishing email provided by the Federal Trade Commission...
If you received this in your inbox, would you recognize that it is a scam? Here are the details…
- The communication appears to be from a company you might know and trust: Netflix. It even has a Netflix header and logo.
- The message is that your account has been placed on hold because of a problem with billing.
- “Hi Dear” is the generic greeting. This is a big clue: a business probably wouldn’t use a generic greeting for an email this specific, and it most likely would not be as personal as “Hi Dear”.
- There is a button provided with a link to update your payment details.
While at first glance this communication might look real, it is not. Scammers who send messages similar to this one are not affiliated with the companies they pretend to represent. When people fall for this type of phishing email and provide sensitive information, there are usually serious consequences. This is in addition to the damage done to the reputation of the company these scammers pretend to represent.
How Do I Protect Myself & My Business From Phishing Attacks?
Many email platforms have spam filters that keep the majority of these phishing emails out of your inbox. But these scammers are constantly trying to beat the spam filters. That’s why it’s smart to arm yourself with additional protection. Here are some simple things you and your employees can do to protect yourself and your company from phishing attacks.
Four Steps to Avoid Damage from Phishing Scams
- Use up-to-date security software to protect your computer. You can often set your software to update automatically to deal with new security threats.
- Keep your software on your mobile phone updated. Software updates for your cell phone often contain changes to protect you from known security threats. If employees use their phones to access company accounts or data, insist they keep their software up-to-date.
- Use 2-Factor Authentication on logins to protect your accounts. Most sites today offer added security that requires extra information before accessing the account, called multi-factor authentication. The additional information could be something you have like a security code that you receive via text, or something unique to you like a scan of your face. Multi-factor authentication makes it more difficult for scammers to log in to your accounts if they do get your username and password.
- Protect your data with regular backups. Back up your data to the cloud or other storage that is not connected to your home or office network. It is smart to back up the data on cell phones as well.
What Should I Do If I Suspect a Phishing Attack?
Whenever you receive an email or a text message from someone asking you to click on a link or open any type of attachment, ask yourself, “Do I have an account with this business?”
If your answer is no, it could very well be a phishing scam. Does the communication have any of the signs identified above? If it does, report the message and then delete it.
If your answer is yes, make contact with the company directly using a phone number or email from a statement or other resource – NOT from the questionable text or email.
You always want to be careful opening attachments or links because they can contain destructive malware. When in doubt, delete the email.
What Should I Do If I Responded to a Phishing Email?
If you have provided sensitive information like a credit card, account number, or social security number to a phishing scammer, go to IdentityTheft.gov. This is a complete resource that will tell you what steps to take based on the information that has been compromised.
If you have opened an attachment or clicked on a link that you think may have downloaded harmful software, update your security software and run a new scan.
How Can I Report Phishing Activity?
Phishing emails and texts need to be reported to help stop scammers.
- Phishing emails can be forwarded to the Anti-Phishing Working Group at firstname.lastname@example.org.
- Phishing text messages can be forwarded to SPAM (7726).
- Report the phishing attack to the FTC at gov/complaint.