You see them every day: emails, calls, even instant messages asking for access to your computer, your personal information — data that needs to be protected. Sometimes these thieves ask for passwords, account numbers or personal identifying details; other times, they want you to run a malicious attachment or visit a dangerous website to pick up some malicious code.
The first thing to know about phishing is If it smells “phishy,” there’s a good chance it is. If you’re not sure, look for advice. Don’t be afraid to approach your friendly IT security expert. And while you can mark phishing emails as spam and ignore them, when you get one, it can be extremely helpful to the Information Security Department if you report those messages and help raise awareness to your colleagues that “something phishy” is making the rounds.
Signs of phishing:
- It just doesn’t look right. Does the message claim to come from someone you do work with, such as a client, your bank, a social networking site or even your own company, but there’s something a little off about it? Trust your instincts.
- Generic salutations. Instead of directly addressing you, phishing emails often use generic names like “Dear Customer.” This is because phishing emails are often sent out in large batches, and using impersonal salutations saves time.
- Links to official looking sites asking you to enter personal information or confidential data. These spoofed sites are often very convincing, so be aware what information you’re being asked to reveal.
- Unexpected emails that use specific information about you, like job title, previous employment or personal interests. This information can be gleaned from social networking sites like LinkedIn to make a phishing email more convincing.
- Emails asking you to take action quickly. Thieves often use unnerving calls to action such as saying “your account has been breached” or “if you don’t respond within 48 hours, your account will be closed,” or “You’ve won the grand prize!” to trick you into moving fast without thinking, revealing information you ordinarily would not.
- “Verify your account.” These messages spoof real emails asking you to verify your account with a site or organization. Any time you receive a message asking to verify your account, look for signs of phishing, and always question why you’re being asked to verify — there’s a good chance it’s a scam.
- “Cybersquatting.” Often, thieves will purchase and “squat” on domain names that are similar in name to an official website in the hopes that users go to the wrong site. Always take a moment to check out the URL before entering your personal information.
“You are your own first line of defense against phishing,” said Lisa Bazis, chief information security officer, IT Information Security. “By educating yourself of the phishing signs, you’ll be able to avoid falling victim to a scam and putting your personal data, or that of your organization, at risk.”
You can read more about phishing, by clicking here.
Technology isn’t perfect and everything that smells phishy isn’t a phishing email. It’s up to each of us to know when to be suspicious, and to know how to protect ourselves against cyber criminals.
“It’s always safer to just not click on a link and report the phishing attempt, if you’re suspicious,” Bazis said.