The internet is an amazing tool that has changed the world. However, cyberspace can be a dangerous place. Cyber criminals want your personal information. One common technique scammers use is known as phishing. To date, such attacks have cost users hundreds of millions of dollars. Don't become the next victim. Phishing schemes are directed at the weakest link in any security system: the user.
Criminals send out seemingly authentic emails directing users to a website. Once there, the scammers use tricks to get people to reveal sensitive personal information. Scammers may also send an email with an innocent-looking attachment, such as a Zip file or Word document. If the user downloads the attachment, malicious software is installed on the user's computer.
Many phishing scams are elaborate and believable. That is why so many people have followed a fake link or downloaded an infected attachment. However, there are certain things you can look for:
- Urgent action: Many phishing emails warn of major consequences if no action is taken. You may be warned that your bank account will be closed, or be told that unauthorized charges have been made on your credit card. The scammers want you to act quickly before you have time to think clearly.
- Spelling and grammar: If the email message contains obvious spelling or grammar errors, be suspicious. Most large, reputable companies will carefully edit their messages before sending them out.
- Link to a website : Many phishing emails include a link to a fake website, where you are expected to "validate" your information. Microsoft's Safety and Security Center recommends that users hover over the link in the email without clicking. When a pop-up box opens, check to see if the address in the pop-up box matches the email link's address. If the addresses don't match, do not click the link.
- Requests for personal information: Phishing attempts will nearly always include a request for personal information. Scammers will often ask you to update or validate your address, date of birth, personal identification number, credit card information, bank account numbers, and other details they can use to steal your identity.
- Pop-up ads: Reputable companies won't ask you to update personal information by using pop-up ads.
So what should you do if you are suspicious? Don't open any attachment or follow any link unless you are 100 percent sure it is legitimate. Banks and credit cards companies won't ask you to validate information via email. Whenever you have doubts, find a reputable phone number and investigate using the telephone.
Education is also a good prevention tool. Online phishing quizzes such as the SonicWall Phishing IQ Test (sonicwall.com/phishing/) and the US Federal Trade Commission's "Take the Bait" quiz (consumer.ftc.gov/media/game-0011-phishing-scams) are excellent ways to learn about phishing techniques. "Anti-fishing"for Android is a phishing education app that allows you to test your knowledge in a fun way.
If you think you are the victim of an email scam, take action as soon as possible.
- Call your credit card companies immediately.
- Change passwords for any site that has any of your sensitive personal information.
- Run a virus scan using a program, such as Malwarebytes or Avast.
- Make sure your browser and other programs have been updated. Software updates often remedy known security issues. If you are not updating on a regular basis, your computer may continue to be vulnerable.
- Periodically review your bank accounts and credit card statements and look for any suspicious activity.
- Report the scam to the company whose information was faked.
You should also report suspected phishing scams to law enforcement authorities in your country. A short list includes:
- The Federal Trade Commission in the USA (ftccomplaintassistant.gov)
- ActionFraud in the UK (actionfraud.police.uk)
- Canadian Anti-Fraud Centre (antifraudcentre-centreantifraude.ca)
- Australian Cybercrime Online Reporting Network (acorn.gov.au)
Extreme caution is your best defense against the scammers. Educate yourself about the tricks they use. Reduce your computer's vulnerabilities with virus scanners, firewalls and frequent software updates. Know which actions to take if you are a victim. Knowledge is your greatest weapon against cyber criminals. Wield it wisely and you will no longer be the weak link in the security chain.