Ever receive an email from a company that sets your internal warning system on high alert? Maybe the sender’s email address is irregular, or they’re threatening to cancel your account, or the email is riddled with spelling errors. Those alarm bells aren’t paranoia – chances are, you’ve been targeted in a phishing attack, one of today’s most common cybercrimes. Keep reading to learn how to protect yourself from phishing.
How Victims Get Hooked
Despite the play on words, phishing is anything but cute. It’s a technique perfected by hackers (typically using email or text messages) to con you into providing your personal information or account data. They may try to steal your passwords, account numbers, or Social Security numbers, and if they get that information, they could gain access to your email, bank, or other accounts.
Typically, scammers will send emails and text messages that look like they are from entities you know and trust, like your credit card company, an online retailer, a payment app, or a social networking site. These messages try to coax you into clicking on a link that leads to a malicious website or downloading an attachment that contains a virus or malware.
To coerce recipients into taking immediate action, these messages may use a variety of tactics:
- Say they’ve noticed some suspicious activity or log-in attempts on your account.
- Threaten to close your account if you don’t resolve a problem.
- Claim there’s an issue with your stored payment information.
- Say you must confirm some personal information.
- Attach a fake invoice or receipt.
- Ask you to click on a link to make a payment or update payment information.
- Say you’re eligible to register for a refund.
How to Avoid Taking the Bait
The most crucial step in eluding a cybercriminal’s net is to recognize fake emails and texts before you unwittingly provide sensitive personal data. If you notice something fishy, delete the email or text instantly. Keep in mind that legitimate companies typically will not do any of the following:
- Request sensitive information (like your Social Security number) via email or text.
- Address the recipient with a generic salutation like “Dear Valued Customer” instead of your name.
- Send emails from an alternate domain (e.g., order-update@amazon1234.com instead of order-update@amazon.com).
- Send emails or texts that contain misspellings and bad grammar.
- Send unsolicited attachments.
- Use links within the message that point to alternate websites (e.g., www.amazon123.com instead of www.amazon.com).
If you’re not sure whether an email or text is authentic, contact the company using a phone number or website that you know is legitimate. Do not open any attachments or click on any links in the email until you know it’s real.
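The alternate-domain checks in the list above can be partly automated. The following Python sketch is an added example, not part of the original article: it classifies the sender's domain and each link host as trusted, lookalike, or unknown. The trusted list, the function names, and the sample message are assumptions made for illustration, and the brand-name substring match is a simple heuristic rather than a complete detector.

```python
import re
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: domains the recipient really deals with (constructed list).
TRUSTED_DOMAINS = {"amazon.com"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def is_trusted(host):
    """True for a trusted domain itself or any subdomain of it."""
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

def classify(host):
    """Return 'trusted', 'lookalike' or 'unknown' for a host name."""
    host = host.lower().rstrip(".")
    if is_trusted(host):
        return "trusted"
    brands = {d.split(".")[0] for d in TRUSTED_DOMAINS}
    # A brand name embedded in a host that is not the brand's own domain
    # (amazon1234.com, amazon.com.example.net) is the pattern described above.
    if any(b in label for b in brands for label in host.split(".")):
        return "lookalike"
    return "unknown"

def check_message(from_header, body):
    """Classify the sender's domain and every link host in the body."""
    findings = []
    _, addr = parseaddr(from_header)
    sender_host = addr.rpartition("@")[2]
    findings.append(("sender", sender_host.lower(), classify(sender_host)))
    for url in URL_RE.findall(body):
        host = urlsplit(url).hostname or ""
        findings.append(("link", host, classify(host)))
    return findings

# Constructed sample message using the addresses quoted in the list above.
SAMPLE_FROM = "Amazon <order-update@amazon1234.com>"
SAMPLE_BODY = (
    "Dear Valued Customer, update your payment at "
    "http://www.amazon123.com/update or see https://www.amazon.com/orders"
)

if __name__ == "__main__":
    for where, host, verdict in check_message(SAMPLE_FROM, SAMPLE_BODY):
        print(f"{where:6} {host:22} {verdict}")
```

A "trusted" verdict only means the domain matches the list; it says nothing about whether the sender address itself was forged, so the advice to contact the company through a known channel still applies.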
According to the Federal Trade Commission, there are four additional steps you should take to protect your data in case you accidentally fall for a phishing scam:
- Protect your computer by using security software. Set the software to update automatically so it can deal with any new security threats.
- Protect your mobile phone by setting software to update automatically. These updates could give you critical protection against security threats.
- Protect your accounts by using multi-factor authentication. Some accounts offer extra security by requiring two or more credentials to log in to your account. This is called multi-factor authentication. Multi-factor authentication makes it harder for scammers to log in to your accounts if they do get your username and password.
- Protect your data by backing it up. Back up your data and make sure those backups aren’t connected to your home network. You can copy your computer files to an external hard drive or cloud storage. Back up the data on your phone, too.
How Often Hackers Lure Their Victims
Bad actors are rapidly increasing the frequency of their attacks, so protecting yourself from phishing is more important than ever.
According to the FBI, the Internet Crime Complaint Center (IC3) received a record number of complaints from American citizens in 2020. Phishing was the most prevalent threat with 241,342 victims who had losses of over $54 million. Other types of cybercrimes followed close behind:
- Nonpayment/nondelivery: 108,869 victims
- Extortion: 76,741 victims
- Personal data breach: 45,330 victims
- Identity theft: 43,330 victims
Taken in total, these numbers represent a 69 percent increase in complaints from 2019. Cybercriminals had a good year, with many taking advantage of the unusual events that transpired in 2020, including the rapid transition to remote work. According to Malwarebytes, 20 percent of companies surveyed said they experienced a security breach as a result of a remote worker.
Use the techniques above to recognize and prevent phishing attacks. USF can also help you take a deeper dive into the subject with the online Cybersecurity Essentials course. This quick, affordable program identifies important cybersecurity practices for anyone securing information or conducting business online, and it can arm you with the tools to stop cybercriminals in their tracks. For more information, reach out to us at CE-Inquiries@usf.edu.