So someone comes up to you in a restaurant—a complete stranger—and asks to look at your driver’s license. What do you do? Show it to that person? You’d have to be one loony tune to do that.
However, this same blindness to security occurs all the time when a person is tricked by a “phishing” e-mail into typing in the password and username for their bank, or it may be the login credentials for their PayPal account or health plan carrier.
Phishing e-mails are a favorite scam of cyber criminals. THEY WORK.
By definition, phishing scams are typically fraudulent email messages appearing to come from legitimate enterprises (e.g., your university, your Internet service provider, your bank). These messages usually direct you to a spoofed website or otherwise get you to divulge private information (e.g., passphrase, credit card, or other account updates). The perpetrators then use this private information to commit identity theft.
When a cyber thief goes phishing, he uses a variety of bait to snag his prey. Classic examples are subject lines that are designed to get the recipient to immediately open the message and quickly react to it, such as an announcement you owe money, have won a prize or that your medical coverage has been cancelled.
And to resolve these problems, you’re asked to log into your account. This is where you place your account credentials into the palm of the thief on the other end of these e-mails.
Learn to recognize phishing scams
- Phishing e-mails may address you by name (the hacker already knows about you), but usually, your name is nowhere mentioned.
- The e-mails usually contain at least one link they want you to click. Hover your mouse to see what the URL is. It may appear legit, but note the “http” part. Reputable sites for giant businesses, such as Microsoft and PayPal, will have an “https” in their URL. The phishing link’s URL will usually not have the “s.”
- A big red flag is if there are typos or poorly constructed sentences, but a phishing e-mail may also have flawless text.
- Don’t be fooled by company logos, stock imagery, privacy policies, phone numbers and other formalities in the message field. It’s so easy for a hacker to put these elements in there.
- Be leery of warnings or alerts that don’t sound right. Gee, why would your account be “in danger of being suspended”?
The links will take you to a phony site that looks like the real thing and ask you for your login credentials, credit card information, etc. Another way this scam works is by downloading a virus to your computer after you click on the link. Sometimes there’s an attachment that you’re urged to open. The lure might be that it’s a survey from your bank or a report to review from your employer.
A phishing e-mail may still look like the real deal. So how do you protect yourself? Never click on links inside e-mails. Don’t open attachments unless they’ve been sent from someone you personally know. If you think it’s from your company, healthcare plan or bank, then whip out your phone and call the company to see if they sent you the e-mail.
If you’ve fallen for a phishing scam
For specifics about what to do if you’re a victim of a phishing scam, see I’ve been phished! What should I do?