Updated July 25th, 2022
What is Phishing?
Phishing is when someone contacts you through email, by phone, or through text message pretending to be a legitimate business.
Phishing doesn’t require any hacking because the criminals get what they need directly from their target by posing as a trustworthy entity (such as your bank, phone company, etc.) and contacting you through channels such as email, over the phone, or through text messages. They just ask you to provide information like your online account login and password, your card number or PIN, even your social security number!
You might think that you would never give out your information to someone like this, but In 2021, 83% of organizations reported experiencing phishing attacks, with an additional six billion attacks expected to occur in 2022.
Four types of Phishing Attacks:
- Email Phishing – The most common way that phishing attacks are sent, phishing emails are designed to trick people to give out personal and sensitive information and often targets a broad group or category versus a specific individual.
- Spear Phishing – Is a type of email scam that is even more targeted than general phishing emails as it appears to come from a known sender (such as a boss, work colleague, trusted brand, etc.)
- Whaling – Is a form of spear phishing that exclusively targets high-ranking individuals in an organization. Whaling often targets CEOs, CFOs and other high-level executives.
- Angler Phishing – is a new phishing scam that uses social media platforms where the attackers disguise themselves as customer service agents. They often target disgruntled employees or unhappy customers.
What are common indicators of Phishing Emails?
One of the common ways that criminals try to get your personal information is through a phishing email. These emails often have some telltale signs that they are in fact phishing scams and should be avoided at all costs.
Phishing emails generally contain suspicious links or attachments
If you do not know who the send of your email is, then you should not open any of the attachments in that email or click any of the links provided. The messages often come with a sense of urgnecy as to why you should open the attachments or click the link. Tip: To check if the link is valid, hover over a link to see the address of that link and if it matches up to the address of the email sender. Best practice is to delete the email immediately and report those phishing scams or anything that seems suspicious
Phishing Emails often have Misspellings
One key indicator of a phishing email has to do with the presence of misspellings or typos. Why is this so often true? Well, perhaps the sender is not a native English speaker, and thus the odds for typos is much higher. Or perhaps these mistakes are intentional. These “mistakes” might very well be a key phishing strategy in order to get past the spam filters in your email account. Since spam filters often look for certain words and phrases, by misspelling keywords it would allow these phishing messages to get through to Inboxes more so than a correctly drafted message would.
Phishing emails often request your personal information
The goal of phishing is to gain access to your personal information and possibly use it to steal your identity, steal your money, or even install malware onto your computer. Because of this, most phishing emails request your personal information in many unassuming ways and often put a sense of urgency in their request. These emails might appear to come from your bank (or other financial institution) and tell you that your account has been hacked. They might appear to be from a streaming service that you belong to (i.e.-Netflix, Hulu, etc.) and tell you that your credit card needs updating “immediately” or your access will be “terminated”. They might even appear to come from your insurance company and tell you that you owe (and must “immediately pay”) a very large bill.
Sense of Urgency
Phishing attempts often contain some sort of “urgent” request and require that you make an action “Now” or “Open Immediately”? This is all in the attempt to invoke a sense of panic and try to get you to take action soon.
If you have any doubts if an email is legitimate, it’s always best to contact the company directly to inquire if they were the ones who in fact sent it to you.
Ways that you can avoid Phishing scams and protect yourself from Identity Theft
- Never give your information out to anyone who contacts you out of the blue.
- Use a security software on your computer to help protect yourself from phishing.
- Make sure your password isn’t easy to figure out. Use a combination of letters, numbers and symbols. Multi-factor authentication is an even better way to keep yourself protected from phishing scams.
- Also, never use the same login information on your financial accounts that you do on other accounts like email or shopping sites.
- Finally, report suspicious phishing activity. Contact IdentityTheft.gov if you think someone has your sensitive information, and they can guide you on the best steps to take to help protect yourself from identity theft
For more on phishing and how to keep your information secure, visit the Netspend Security Center.