The internet is like the ocean. Vast, diverse, and full of both opportunities and risks. And to reap the benefits of this “cyber sea” without running into danger, it’s crucial for you to understand what phishing is and how to keep yourself and your company from being reeled in by scammers.
Phishing is when a scammer poses as a trusted source and sends fraudulent digital messages, often via email or text, hoping to manipulate you into revealing personal information or to gain unauthorized access to certain systems through a download or link. Phishing attacks are also the most successful type of cyber-attack, so you should take the time to pay attention to details and report any phishing attempts when you are targeted.
Recognize the Phishing Bait
Phishing is successful because of how sophisticated the scams have become. At first glance, a phishing attack could appear as a normal email in your inbox. But there are a few key details that will help you tell whether an email is real or a scam.
- Urgent Response Needed: Any message that contains threatening language or claims you will lose an opportunity unless you act immediately is often a scam. The sense of urgency is a tactic scammers use to get you to act before you think. If you’re not sure whether it’s a scam, send a separate message to the claimed individual or give them a call to verify before taking any further steps.
- Bad Grammar or Spelling Mistakes: Most professional email programs have automatic spell-checking tools built in for outgoing emails, so obvious errors are a warning sign.
- Questionable Email Address or Domain Names: Does the email address originate from a company you regularly communicate with? If so, check the sender’s email address against previous messages. Additionally, don’t trust the name shown in the email sender line. Hover over the name and ensure the domain is correct.
- Suspicious Links: Never click on embedded hyperlinks within an email. Before clicking a link, hover your mouse over it and make sure the URL is correct. Remember, if a link looks a little off, think before you click.
- Access Data or Personal and Financial Information Is Requested: If the request seems unusual or invasive, it probably is. Any time a message makes a request for login credentials, payment information or other sensitive data, be cautious. Hackers can create very convincing login pages and link to them from their emails. DO NOT provide your personal information unless you are 150% sure of the source.
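The two "hover" checks above (sender domain and link destination) can also be run automatically on a raw message. The Python below is an added example, not part of the original article; the `review` function, its rules, and the sample message on reserved `.test` domains are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message; every domain uses the reserved .test TLD.
SAMPLE = (
    'From: "Example Bank Support" <support@examp1e-bank.test>\n'
    "Subject: Action required\n"
    "Content-Type: text/html\n\n"
    '<a href="http://login.examp1e-bank.test/verify">'
    "https://www.example-bank.test/login</a>\n"
)

class LinkCollector(HTMLParser):  # collects (visible text, real href) per <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def host_of(value):  # lowercased hostname of a URL or bare domain, '' if none
    return (urlparse(value if "://" in value else "http://" + value).hostname or "").lower()

def in_domain(host, domain):  # exact domain or one of its subdomains
    return host == domain or host.endswith("." + domain)

def review(raw, known_domain):
    """Return the warning signs found in one raw message (assumed heuristics)."""
    msg, findings = message_from_string(raw), []
    # Compare the real address, not the display name, with the known domain.
    sender = parseaddr(msg["From"] or "")[1].rpartition("@")[2].lower()
    if not in_domain(sender, known_domain):
        findings.append(f"sender domain {sender} is not {known_domain}")
    links = LinkCollector()
    links.feed(msg.get_payload())
    for text, href in links.links:
        real = host_of(href)
        # The text a reader sees may name one site while the href goes to another.
        if "." in text and " " not in text and host_of(text) != real:
            findings.append(f"link shows {host_of(text)} but goes to {real}")
        elif not in_domain(real, known_domain):
            findings.append(f"link goes to {real}, outside {known_domain}")
    return findings
```

Calling `review(SAMPLE, "example-bank.test")` flags both the lookalike sender domain and the link whose visible text differs from its real destination.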
Report Attempted Phishing Attacks
If you recognize any of the above warning signs in a digital message you receive, it’s important to report the phishing attempt to your IT team and the company or person being impersonated.
You can learn more about recognizing phishing and other cyber security information by visiting the Cybersecurity and Infrastructure Security Agency website.