We talked recently here on the blog about spam, what it is and how you can protect yourself. There’s a specific kind of spam we’d like to address this week, one that can cost you money or lead to identity theft: Phishing.
Phishing is the act of attempting to get personal information – usernames, passwords, or financial information – through email that masquerades as a legitimate message. The messages often look like they’re from popular social media websites; auction and retail websites like eBay and Amazon; payment processors like PayPal; banks; IT administrators; or the IRS.
At a glance, the email will look almost exactly like one your bank or other institution would send: Same logo, same font for the text, even the same wording. The message will try to scare you into thinking something is wrong: Your account has been compromised, you have a virus, you need to update your username and password, etc. There will be links to help you solve whatever the supposed problem is. Click on those links, and you’re in for a world of trouble. They could contain viruses or malware, or they could lead to a form that captures your keystrokes or records your personal information when you type it in and press “submit.”
Learn what legitimate messages look like. Get familiar with the messages you get from your bank, PayPal, or other institution. Most will include some sort of personal information: Your name, username, part of your account number, etc. Generic messages addressed to “Dear PayPal Customer” are fake. Real messages from your bank will also be well written and without grammatical and spelling errors. If you’re suspicious about an email, mark it as junk or spam in your email software.
Don’t click any links. A phishing email will contain links that promise an easy fix for the problem. The website addresses will be masked so that they look like they’re coming from a legitimate source. Never click on the link in an email. Type the URL for the website of your bank/payment processor/social media, etc. directly into your web browser. Don’t use the phone numbers listed in the phishing email, either. Look up the number for the institution you need to contact, and call them.
Once you’ve successfully logged into your account -- again, by typing in the URL rather than clicking a link in the email -- and seen no messages about account problems or compromises, you can conclude that the email you got is phishing.
Don’t try to win. Sometimes phishing emails will try to catch you with a big prize. If it’s too good to be true, it probably is.
Be wary of email asking for confidential information. Banks and other financial institutions will never ask for your information via email. They’ll call or send you a letter. The same for the IRS – they will always send you a letter in the mail. Also, never fill out a form in an email asking for information. Financial institutions don’t do this.
Stay up to date. Security software and email filters will prevent most spam and phishing emails from reaching your inbox. Keep these programs up to date and mark suspicious emails as junk or spam. Some email filters can be “taught” to recognize email as spam, and the more messages you flag as problematic, the smarter your filter can become.
Do you have questions about email security? Contact us today!