Phishing scams are among the most prevalent forms of cybercrime, especially in the United States. Although phishing is becoming more widespread, just a few common-sense practices can help prevent it from happening to you. Apart from ensuring you install security software, the best way to combat these scams is to learn what phishing looks like.
What is phishing?
Phishing (pronounced “fishing”) is a kind of identity theft which is growing in popularity amongst hackers. By using fraudulent websites and false emails, perpetrators attempt to steal your personal data – most commonly passwords and credit card information.
The email they send can look just like it comes from a financial institution, e-commerce site, government agency or any other service or business. It often urges you to act quickly, because your account has been compromised, your order cannot be fulfilled or some other pressing matter.
Phishing attacks may also appear to come from other types of organizations, such as charities. Attackers often take advantage of current events and certain times of the year, such as:
- natural disasters
- epidemics and health scares
- economic concerns
- major political elections
How to protect yourself from phishing
- Be suspicious of unsolicited phone calls or email messages from individuals asking for confidential information. If an unknown individual claims to be from a legitimate organization, try to verify his or her identity directly with the company;
- Do not reveal personal or financial information in email, and do not respond to email solicitations for this information. This also means not following links sent in such email;
- Pay attention to the URL of a website. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com vs. .net);
- If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Do not use contact information provided on a website connected to the request; instead, check previous statements for contact information;
- Keep your software up to date: the latest updates for your operating system, software applications, web browsers and anti-virus protection are the best defenses against viruses, malware and other online threats;
- Utilize the anti-phishing features offered by your email client and web browser;
- Read your account statements thoroughly as soon as they arrive to make sure that all transactions shown are the ones that you actually made. Be sure that the bank or merchant has your current contact information.
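The URL check from the list above, as an added example that is not part of the original article: a Python function that compares a link's hostname with the sites you actually use and flags a spelling variation or a different domain ending. The domain names and the `TRUSTED` list are constructed, and treating the last two labels of a hostname as the registered domain is a simplifying assumption.

```python
from urllib.parse import urlsplit

# Constructed allow-list: the domains you really have accounts with.
TRUSTED = ("examplebank.com", "example-shop.com")

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_link(url, trusted=TRUSTED):
    """Return 'trusted', 'lookalike-spelling', 'lookalike-domain', 'unknown' or 'invalid'."""
    # .hostname is the site the browser connects to; text before an '@' is not part of it.
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host:
        return "invalid"
    if any(host == good or host.endswith("." + good) for good in trusted):
        return "trusted"
    # Assumption: the registered domain is the last two labels (not true for e.g. .co.uk).
    name, _, ending = ".".join(host.split(".")[-2:]).rpartition(".")
    for good in trusted:
        good_name, _, good_ending = good.rpartition(".")
        if name == good_name and ending != good_ending:
            return "lookalike-domain"    # same name, e.g. .net instead of .com
        if ending == good_ending and 0 < edit_distance(name, good_name) <= 2:
            return "lookalike-spelling"  # e.g. a digit swapped for a letter
    return "unknown"

if __name__ == "__main__":
    # Constructed sample links, as they might appear in an email.
    for link in ("https://www.examplebank.com/login",
                 "https://examp1ebank.com/login",
                 "https://examplebank.net/login",
                 "https://examplebank.com@examplebank.net/login",
                 "https://weather.example.org/"):
        print(f"{classify_link(link):20} {link}")
```

A verdict of "unknown" only means the link does not resemble a listed site; it says nothing about whether that site is safe.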
What do you do if you think you are a victim?
- If you believe your accounts may be compromised, contact your financial institution immediately and close any accounts that may have been compromised. Watch for any unauthorized charges to your account;
- Immediately change any passwords you might have revealed. If you used the same password for multiple resources, make sure to change it for each account, and do not use that password in the future;
- If you think that you’re the victim of identity theft, visit the Federal Trade Commission’s feature on Identity Theft for information on how to control the damage;
- Consider reporting the attack to the police, and file a report with the Federal Trade Commission (http://www.ftc.gov/).
- When in doubt, throw it out: Links in email, tweets, posts and online advertising are often the way cybercriminals compromise your computer. If it looks suspicious, even if you know the source, it’s best to delete it or, if appropriate, mark it as junk mail;
- Think before you act: Be wary of communications that implore you to act immediately, offer something that sounds too good to be true, or ask for personal information;
- Make your passwords long and strong: Combine uppercase and lowercase letters with numbers and symbols to create a more secure password;
- Unique account, unique password: Separate passwords for every account help to thwart cybercriminals.