Each year millions of people fall victim to phishing attacks, resulting in tens of thousands of people losing their identity — or their money.
What is a phishing attack? A scammer disguises an email to make it look like it’s coming from a legitimate source, like a government agency, financial institution or even a family member. It has some sort of call-to-action encouraging the target to click on a link embedded in the email. It could be an alert about an account that needs updating, an order you placed or a request for information.
When you click on the link, you are redirected to a legitimate-looking website for your bank or credit card, where you’re invited to log in. The phisher captures your log-on or your personal information, to pose as you on the real website and proceed to drain your funds and/or spend your money.
You are the first and last line of defense against a phishing attack. Your only real protection against a phishing attack is a clear understanding of how it works and knowing the tell-tale signs to avoid falling prey. Here’s what to look for:
- Phony sender address – The first place to look is the sender’s address. Look closely for any misspellings or conspicuous dashes in the sender’s address or the subject line. When you hover the mouse arrow over the sender’s email address, it will reveal the sender’s actual email address.
- Suspicious salutation – Be suspicious of any email that doesn’t include your first or last name. It’s best to just delete the email.
- Urgent call-to-action – Emails asking you to take immediate action are suspect. Do not click on any links.
- Request for sensitive information – No legitimate organization, whether it’s a government agency, financial institution or business, will ask for personal or sensitive business information by email.
- Phony links – With any email, you should inspect a link to ensure the organization’s name is spelled correctly. If you do click on a link to a website, inspect the URL address to ensure it is preceded by an “https.” The “s” indicates that the site is secure.
The bottom line? To avoid a phishing attack do not click on suspicious links, and never provide sensitive information to unknown or suspect websites.