Phishing
Phishing is the attempt to acquire sensitive information such as account logons and passwords or banking/financial information by masquerading as a trusted entity in an email or text message, and attempting to lure the recipient into sending the attacker this information.
The attacker may ask you to verify your username/password or other account information. Some common characteristics of phishing emails are:
- The email message isn’t addressed specifically to the recipient by name
- The email requests urgent action on the part of the recipient
- The email contains spelling or grammatical errors, or its subject line or signature is uninformative
- The email, or links therein, prompts the recipient to send sensitive information
Protect Yourself
There are several things you can do to protect yourself from phishing attacks:
- Don’t open unsolicited email messages or web links from unknown senders. On the Internet, anyone can send anyone else an email, and as with all things related to digital communications, distance is irrelevant. Any time you are reading email, you should be as alert as you would be while walking through an unfamiliar neighborhood at night;
- Never send sensitive information in an email. Email messages are sent across the Internet unencrypted, so they can be read at any point along the way. If you wouldn’t put it on a postcard, don’t put it in an email;
- Before submitting sensitive information in a web form, check that the connection is secure. It should be using the HTTPS protocol and present a valid certificate. Pay close attention to the domain name in the address bar;
- If you’re not sure if the message is legitimate, call the company to confirm;
- Type the address of your bank into your browser and log in directly, rather than following links sent to you. Avoid cutting and pasting links from an email message into a new browser window. Many people think this will help them determine if a website is legitimate; however, phishers can make links appear as if they go to a legitimate site while sending you to another website that they control;
- Never click links within emails that ask for personal or financial information. Hackers can retrieve information from your computer in various ways, including accessing stored information and monitoring keystrokes;
- Never call unfamiliar company phone numbers listed in an email. A common scam asks you to call the phone number listed in the email to update your account information. Sophisticated technology can mask an area code and divert the call to anywhere;
- Be wary of emails that seem urgent. Phishing emails often state that immediate action is required to tempt you to respond without thinking;
- Pay close attention to the web address if you choose to access a company’s website through an email link. Some phishers register domain names that look similar to the legitimate domain name of a company. If there is any doubt, open a new browser window and type the web address yourself.
Additional Resources
- Phishing (from the Federal Trade Commission)
- How to recognize phishing email messages, links, or phone calls (from Microsoft)
- How to know if an online transaction is secure (from Microsoft)
- Check Chrome’s connection to a site (from Google)
- Secure Website Certificate (from the Mozilla Foundation)
- Identify encrypted websites and avoid fraud (from Apple)
- Phishing IQ Test (from SonicWALL)