Be Aware of Phishing and Spearphishing

Remember that, no matter how real the email looks, no legitimate company will ask for personal information through email. The real purpose of such an email is to steal your information so a scammer can run up bills or commit crimes, an illegal activity called “phishing.”
Use your best judgment when on the Internet. If it sounds too good to be true, it probably is. Here are some tips to help you avoid becoming a victim of phishing:
- Delete email messages that ask for personal or financial information such as credit card and bank account numbers. By stealing brand names and logos of banks, e-tailers and credit card companies, phishers use social engineering techniques to attempt to convince recipients to respond, enter login credentials or click on the links within.
- Avoid clicking on links contained in emails, even if they appear to come from a trusted source or a person in authority at work. These links may lead to ‘watering hole’ attacks or malware-infested websites masquerading as trusted websites. Visiting these websites could compromise the security of your computer.
- When accessing websites such as social networking or financial websites that require a login, access the website by typing in the website address yourself and look for signals that the site is secure. For example, the URL where you enter your personal information should begin with https (the “s” stands for secure). A closed padlock is not always a sign of a secure site as these have been known to be spoofed by phishers.
- Be suspicious of emails that ask you to call a telephone number. Area codes can mislead: even a local area code doesn’t guarantee that the caller is local. If you need to speak to an organization you deal with, visit their website to find their contact number, call them from a number found on your financial statements or use a number found on the back of a credit card.
- Be suspicious of emails that ask you to open an attachment, even if the message is from a friend. Look at the date/time the message was sent, the subject line and the sender, and if in doubt, telephone your friend to verify or just delete the message.
- Look for spelling mistakes, grammatical errors or inconsistencies in the typesetting of emails from professional organizations. These may be clues that an email is false.
- Keep your browser and operating system updated with the latest software patches and system updates. Phishing attempts exploit browser vulnerabilities that fool users and install malicious code. Set your computer to automatically update your firewall as a continual line of defense against new viruses, worms, and other hacker tools.
- Be sure that everyone in the family, including children and seniors, understands that safety and security are a priority when accessing the Internet.