Phishing for Information- Part 1

In this two-part series we will be diving into the world of online phishing schemes that millions of people fall victim to every single day. We will be examining the two most common platforms scammers use to deliver them: email and social media.

What is phishing?

A play on the word fishing, phishing is an online scam where criminals bait you into providing sensitive information such as bank account data, social security number, credit card numbers, usernames, passwords and more. When the confidential material is acquired, hackers use various techniques and software to access the accounts and steal personal information.

People have been known to lose hundreds of thousands of dollars through these schemes. 

Emails sent out to organizations and individuals are disguised to appear as if they came from a legitimate bank, government agency or company. They usually include a link to an external site where you are then asked to confirm sensitive information.

How do you recognize phishing?

As time and technology have progressed, the tactics of these scammers are becoming more believable. It is critical to study each email to identify the factors that make it real or fake. 

  • Address- Take a careful look at the email address the message came from. Authentic emails will not contain alterations such as additional letters or numbers. Normally, the sender's address will match the organization's domain.
  • Appearance- The physical appearance of an email may share similar qualities with a business you know and trust. They may appear to have the same logo and format as one from an authorized sender.
  • Content- Emails are crafted to encourage you to access a link or open an attachment the email may include. Common scenarios include: 
    • “We’ve noticed some suspicious activity or login attempts…”
    • “There is a problem with the payment information on your account…”
    • “We have placed a hold on your account because of a billing issue…”
    • “To keep using your account, we need you to confirm or update your account information…”
    • “Please click on the link to make a payment…”
    • “Congratulations! You are eligible to register for a government refund…”
  • Errors- This may sound like a no-brainer, but emails sent by hackers often lack proper grammar and spelling. The bad syntax is not something you would commonly see in a professional email.
  • Greeting- Have you ever received an email from a company you are registered with that addresses you by name? That is because the organization knows you. Legitimate senders avoid generic salutations and add a touch of personal flair, while scammers thrive on being vague or bypass the greeting altogether.
  • Promises- Dismiss any emails that promise you money or prizes. As much as we all wish it to be true, it is more likely than not a scam.
  • Requests- Legitimate organizations typically will not request sensitive information over email.  This is for your safety as well as theirs. 
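The checklist above can be turned into simple automated checks. The following is an added example, not code from Smart Gen Society: it applies the address, greeting, content, promises and requests items, plus the external-link check, to two constructed messages. The domain `bank.example`, the function names and the patterns are assumptions, and the spelling and grammar item is not covered.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed samples; .example and .test are reserved names, not real senders.
PHISH = """From: Bank Support <support@bank-secure1.example>
Subject: Action required

Dear Customer,

We've noticed some suspicious activity on your account. To keep using your
account, we need you to confirm or update your account information:
http://bank.example.login-verify.test/update
Congratulations! You are eligible to register for a government refund.
"""
LEGIT = """From: Bank <alerts@mail.bank.example>
Subject: Statement ready

Hello Jordan Lee,

Your monthly statement is ready. Sign in at https://www.bank.example/ to view it.
"""

CHECKS = {  # patterns based on the article's Content, Promises and Requests items
    "content": r"suspicious activity|problem with the payment|placed a hold on your account",
    "promises": r"congratulations|prize|refund",
    "requests": r"(confirm|update|verify) (or \w+ )?your (account|payment|card) information",
}
GENERIC = re.compile(r"^(dear (customer|user|member|sir|madam)|hello|hi)\W*$", re.I)

def site(host):
    """Last two labels of a host name (assumption: no public-suffix handling)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def phishing_indicators(raw, trusted_domain):
    """Return the names of the checklist items that the raw message trips."""
    msg = message_from_string(raw)
    body = msg.get_payload().replace("\u2019", "'")  # normalise curly apostrophes
    sender_host = parseaddr(msg["From"])[1].rpartition("@")[2]
    found = ["address"] if site(sender_host) != trusted_domain else []
    lines = [ln.strip() for ln in body.splitlines() if ln.strip()]
    # Flag a generic salutation or a missing one on the first body line.
    if not lines or GENERIC.match(lines[0]) or not re.match(r"(dear|hello|hi)\b", lines[0], re.I):
        found.append("greeting")
    flat = " ".join(lines)  # undo line wrapping so phrases match across lines
    found += [name for name, pat in CHECKS.items() if re.search(pat, flat, re.I)]
    links = re.findall(r"https?://[^\s<>\"]+", flat)
    if any(site(urlparse(u).hostname or "") != trusted_domain for u in links):
        found.append("link")
    return found
```

Calling `phishing_indicators(PHISH, "bank.example")` flags every implemented item, while the same call on `LEGIT` returns an empty list. A message that trips none of these checks is not thereby proven safe.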

How do you protect yourself from phishing scams?

There are real consequences to falling victim to cybercriminal schemes, but there are also preventative measures to ensure your online safety.

  • Ask yourself- Do I have an account linked with the company or know the individual who is communicating with me?
    • If the answer is “No,” odds are it could be a phishing scheme. Report the message and delete it. 
    • If the answer is “Yes,” then contact the company through a website or phone number you are certain is authentic and not through the address given in the email.
  • Multi-Factor Authentication- For additional security, require more than one form of verification when logging in to your accounts. Thanks to ever-changing technology, credentials to gain access to your account can come in the form of a facial or fingerprint scan, security questions or text and email verification.

What to do if you fall for a phishing scheme?

If you mistakenly succumb to a phishing scheme, act as quickly as you can to avoid results such as identity theft or major loss of funds.  

  • Notify Law Enforcement -  Contact local law officials to file a report in your area. 
  • Change Passwords- Modify all passwords and PINs. Create a password that is complicated and strong. Include at least one capitalized letter, a mixture of letters and numbers and top it off with a symbol of some kind. 
  • Contact Credit Card Companies- If you fear unauthorized transactions in the future, contact the companies you have an account with. Explain the situation and they can freeze or cancel your cards. Also, communicate the situation to your bank to further protect your funds.
  • Monitor Accounts- Follow movements on your accounts to notice any irregular activity. If you spot any peculiar activity, report it.

In the second part of this series we will be discussing social media phishing.

This information does not guarantee online safety and is provided as a courtesy of Smart Gen Society.  SGS is not legally responsible for your family's digital planning or safety.