How to Spot a Phishing Email

Phishing emails are becoming increasingly sophisticated and can be difficult to spot. However, it's important to be vigilant and take steps to protect yourself. In this post, we'll cover how to spot a phishing email and what to do if you get one.

Phishing is a type of cybercrime where an attacker, posing as a trustworthy entity, attempts to trick people into sharing sensitive information such as passwords, credit card numbers, or personal data. Phishing attacks often involve sending fraudulent emails or messages that appear to be from a legitimate source, such as a bank or an online retailer, but actually contain links or attachments that can install malware or redirect users to fake websites that harvest their information.

The word "phishing" is derived from the word "fishing," as in "fishing for information." The "ph" spelling emphasizes the use of technology in the process. The term first appeared in the mid-1990s, when hackers started using email as a means of targeting users with fraudulent schemes. Since then, phishing attacks have become increasingly sophisticated and continue to be a major threat to cybersecurity.

How to spot a phishing email

1. Check the sender's email address: The first step to identify a phishing email is to check the sender's email address. Scammers often use an email address that appears similar to the legitimate one. Check the second half of the email address, as it should match the company's domain name (for example, versus from Beware of too good to be true and too bad to be true offers as well. If it strikes you as unlikely, it probably is. If you are unsure of the address it was sent from, highlight one line of the email that is not a link and press forward to be able to see the sender's email. Your email client should auto-generate a heading showing the to, from, cc, bcc, time stamp and subject. Do not actually forward the message; send it to the trash immediately after seeing the address, but you will now be able to see who the email was sent from.

2. Watch out for urgent or threatening language: Phishing emails often create a sense of urgency, fear, or panic to trick you into taking immediate action. Be wary of emails that threaten to close your account or impose fines if you don't act quickly. Legitimate companies usually don't use such tactics. Also beware of too good to be true offers, such as winning an iPad in a raffle you don't remember entering.

3. Be cautious of links and attachments: Links and attachments in phishing emails can contain malware or take you to fake websites that look like the real ones. Don't click on links or download attachments from emails that you weren't expecting or that come from unknown sources. Before clicking on any links, hover your mouse over the link to see the URL. Wait with the mouse over the URL but do not click it and the URL should show what the destination website is. If the URL looks suspicious or does not match the company, do not click on it.

4. Check for spelling, grammar, and font errors: Many phishing emails contain spelling and grammar errors that are a dead giveaway, or the fonts in the email might change or look odd. Legitimate companies usually have proofreaders and will not make such mistakes.

5. Be Aware of Suspicious Transactions: Most financial services companies will not authorize questionable transactions and then notify you. Instead, they will simply stop the transaction and may even block your card or account until you call to unblock it. If they send any notice at all, it is to tell you that a transaction was blocked, not that one was allowed. If you notice any suspicious transactions, be sure to contact your financial services company immediately.

6. Be very skeptical of call requests: Do not call the number listed in any emails. Legitimate companies overwhelmingly do not request phone calls; the exception is banks unblocking accounts that have been flagged for suspicious activity and need unblocking by the owner because it was a legitimate transaction. With most companies, a quick web search will reveal the number to call if you need to get in contact with them. Call centers are expensive to run, and if it can be handled online, it will be. Google and Amazon actively hide any number you could call even if you wanted to; they will not call you or have you call them for any reason, precisely because of these scams.

7. Don't Be Fooled by Logos: Just because an email contains a logo or branding from a company does not mean that it is legitimate. Logos are easy to copy and use, so be sure to look for other signs of legitimacy.

What to do if you receive a phishing email

8. Don't Download Attachments: Phishing emails may contain attachments that could infect your device with malware. Do not download any attachments unless you are absolutely sure that the email is legitimate.

9. Do not click any links: They may lead to software that will download and install itself on your device and allow scammers access to everything.

10. Contact Friends, Family, or our Company: If you are unsure whether an email is legitimate, reach out to someone you trust or contact our company for assistance. Do not call any numbers listed on the email.

What to do if you’ve already been caught in a phishing scam

  1. Don't Panic: While being caught in a phishing scam can induce feelings of terror or urgency, remember that many others have been in your situation before. With quick action, it is possible to rectify the situation and protect yourself from further harm.

  2. End All Contact with the Scammer: If you've already been caught in a phishing scam, it's important to end all contact with the scammer. Do not respond to any emails or phone calls from the scammer. If you are on the phone with them, hang up immediately.

  3. Disconnect Your Device: If the scammer has been granted access to your device, immediately turn off your WiFi and unplug your device from power and from the internet if it is hard wired (see screen shots below). Take your device somewhere to have it professionally decontaminated, such as Apple or Best Buy. We want to make sure your device is safe to use, and we do not have access to the tools and subscriptions that others who offer this service do.

  4. Contact your financial institutions: including banks, mortgage and loan entities, and other services such as PayPal or Venmo.

  5. Change Your Passwords: Change all your passwords and your PINs, starting with the most sensitive ones. Do this from a different device than the one that was infected.

  6. Call Friends or Relatives: If you've been caught in a phishing scam, call your friends or relatives for help. We are also available to help support you through this process, but please do 1-4 before you call us as quick action is the most important to limit damage.

Things you probably don’t need to and shouldn’t do

  1. We do not recommend changing your phone number: Getting access to your number to receive calls and texts is one of the most difficult things for scammers to do and the least beneficial to them, and changing it will likely make changing your passwords and accessing your bank enormously more difficult. Spoofing your number and pretending to be you is much easier and can be accomplished without the effort of a phishing scam, so changing your number will not help.

  2. Changing your mailing address: this is a slow and arduous process, and will make confirming your identity post identity theft that much more difficult. In fact, attempting to do so while flagged for fraud can make everything more complicated and confusing to institutions that are trying to help. Take solace in that these scammers are very far away and have no interest in actually showing up at your door.

What to do to be prepared against these kinds of threats

  1. Always make backups of your computer and update them regularly. If you are attacked by one of these scams and ransomware is installed on your computer, the only likely recourse is to erase your entire device. There are also a multitude of other good reasons to keep an up-to-date backup, be it in the cloud or on an external hard drive or both.

  2. Keep your antivirus software up to date: Almost all of these programs have regular updates that will block the most recent viruses, malware, and ransomware. But the process of keeping ahead of the hackers is never ending, so please always install all updates as soon as they are available, especially the ones labeled “critical updates”. If you’re on a smart phone or tablet, these should largely be included with regular software updates.

  3. Practice "think twice, click once."

Is this download from someone I know?

Was it something I was expecting them to send?

Does it have a title that ensures that it is what you were anticipating?

Make sure all downloads are from known and trusted companies and people and done via official means.

We hope these guidelines are helpful, and while we will absolutely be there for you to help should this happen to you, we’d much rather it never have happened in the first place. Please feel free to share this with anyone who’d appreciate it. If there is something we’ve missed or that is incorrect, let us know and we can keep this updated. This is in no way comprehensive, and scammers' tactics are always changing. Our goal is to help people know when to not panic and blindly walk into scammers' well-laid traps. The best defense is knowing what to look for.
