We all know the aftermath of being hacked: canceling credit cards, updating passwords, ensuring your identity is safe, etc… Not only is this a hassle, but depending on the account that was hacked, you could end up releasing not only your own private information but also sensitive information regarding your company.
To help you avoid any of these fatal effects that are the aftermath of a hack, I have started a series of posts with my tips on online security.
First up are my tips on avoiding phishing attempts.
What is Phishing?
A phishing attempt is a malicious attack that happens when someone tries to access your personal information by posing as trusted site/party. Generally, hackers utilize email, ads, or sites that look similar to sites you already use as the medium for phishing attempts. In simple terms, they are trying to trick you into giving them your information. For example, someone phishing for your information might send you an email that looks like it’s from your credit card company in hopes of receiving your billing information.
So how can you combat these attempts? First and foremost, it’s important to never send personal info such as passwords, credit cards, etc. through email or instant messaging. No trusted site/company should ever ask for personal information via email. That being said, there are many other ways that you can identify a phishing scam.
Here are 6 Tips for Identifying a Fishing Attempt:
Messages that Contain Threats to Shut your Account Down.
If you received this message out of the blue, it is likely a phishing attempt. The best thing to do in this case is contact the customer support team of the given account through the official site or phone number, do not click any links in the suspicious email.
Forged/Spoofed Email Addresses
This is the easiest way to tell if an email is a phishing attempt, but is also easily overlooked. Added characters in the domain are a definite warning sign but are often so subtle that the go undetected. Always check the email address of the sender for anything “phishy” such as email@example.com vs firstname.lastname@example.org.
If an email chalked full of grammar mistakes is asking for your login information or prompting you to click a link, don’t comply. Besides the fact that no company should ask for your private information over email, any legit company will check emails for grammatical errors before sending.
Ensure Links Are What They Say They Are
Similar to a spoofed email, a malicious link can be disguised to look like you’re clicking on a link to a trusted site, but really is a completely different site. To combat this, hover your cursor over any links before clicking to see if the URL looks legitimate.
If you receive an unexpected attachment from someone you don’t know, don’t open it. The best thing to do is err on the side of caution.
Words Like “Urgent”
A false sense of urgency is purposely used to scare you into clicking phishing links or sharing the information asked for, in hopes that this dismisses any amount of suspicion you may have. Take the time to search the email for signs of phishing.
Impress your IT Department. Keep your information private and safe from phishing scams by sharing these tips with your co-workers, friends, and family.