Have you ever been emailed by a crown prince? Received a text message from someone claiming to be your friend? Won a contest you never entered?
If so, chances are you came up close and personal with an online scam called phishing. Communications like these sound too good to be true — and most of the time, they are. In reality, there’s someone nefarious on the other end trying to steal your information (or worse: your identity).
Luckily, they’re avoidable. Let’s explore the basics of phishing and how you can avoid falling victim to an online scam.
What’s a phishing attack?
In simple terms, phishing attacks are how hackers get their foot in the door. It’s a deceptive technique that involves masquerading as a reputable source, such as a well-known brand, friend or family member. By impersonating a trustworthy individual, scammers induce victims into revealing personal information, passwords and credit card numbers.
These attacks are extremely common. In fact, over 90% of cyberattacks begin with a phishing attempt. It usually takes the form of an email, but can also include text messages, apps and social media.
Tell-tale signs of an online scam
Here’s the good news: Scams are usually very easy to spot. Why? Because they tend to leave behind a trail of breadcrumbs that give away their intentions.
Some of the most common signs of a phishing attempt include:
- Messages that create a sense of urgency: “Act now! Limited-time offer!” Hackers use statements like these to entice recipients into doing what they want. If you receive a message saying it’s your last chance to confirm an account or something similar, it’s likely phony.
- Misspellings and bad grammar: Look at the sender’s email address. They often use look-alike domains to convince you they’re legitimate. If the name is misspelled or looks strange, chances are it’s fake. Same goes for the body of the message: If there are errors and grammatical mistakes, it’s probably not from a reputable company.
- Suspicious links and attachments: Hackers encourage you to click on links and download attachments so they can infect your device with malware. Hover over a link to confirm it’s a safe URL before clicking.
- Personal information requests: Sometimes cybercriminals treat their victims like a puzzle. Your personal details are the pieces. They might ask you for information that can help them crack into your account. Or they’ll goad you into divulging something more intimate, like a Social Security number.
How to protect yourself from phishing
There are plenty of precautions you can take to minimize the risk of falling victim to a phishing attack (or similar online scam). These include:
- Use security software: An antivirus tool can be set to automatically update, allowing it to handle new security threats as they arise.
- Try multi-factor authentication (MFA): Use this for an extra layer of protection. MFA requires you two or more credentials when logging into an account, making it tougher for scammers to get in even if they have your password.
- Backup your data: If you do experience a phishing attack, it’s best to backup information to an external hard drive or the cloud. That way, you can recover anything you’ve lost.
If you see something, say something. In other words, if you receive a phishing email or text message, you should report it — this can help fight scammers and keep them at bay.
The Federal Trade Commission (FTC) recommends reporting to them at ReportFraud.ftc.gov. Additionally, you can also forward text message scams to SPAM (7762).
In the meantime, why not continue your cybersecurity education? Learn more about how to stay safe online by checking out our Total Defense security blog today.