What is Phishing and How Can I Protect Myself?
Phishing is an attempt to solicit confidential information by disguising communications as coming from an otherwise trusted individual. Many scammers will pose as a bank, a government agency or even just as an individual in need of assistance to request this information. Here are some ways to protect yourself:
- Never click on links within an email from an individual whom you do not know.
- Additionally, when you do receive emails from people you believe you know, view the URL by scrolling over it. Make sure the URL goes to the correct web page and is not an IP address or a misspelling of an otherwise trusted name.
- Remember that URI will never ask for your username and/or password via email. If you receive an email asking for this information, promptly forward a copy to email@example.com and delete the email message.
- Never send any sensitive personal information via email. Legitimate organizations will not ask users to send information this way.
- Visit banking or financial websites by typing the address into the address bar. Do not follow links embedded in an unsolicited email.
- Only open an email attachment if you’re expecting it and know what it contains. Be cautious about container files, such as .zip files, as malicious files could be packed inside.
- If you want to verify a suspicious email, contact the organization directly – but don’t call the number that may be provided in the email.
- Use discretion when posting personal information on social media. This information is a treasure-trove to phishers who will use it to feign trustworthiness.
- Use antivirus software to detect and disable malicious programs, such as spyware or backdoor Trojans, that may be included in phishing emails. Keep your Internet browser updated with the latest security patches.
- Learn the telltale signs of a scam to minimize your risk of becoming a victim. Here are some scenarios you may encounter:
- An email appearing to be from a bank, credit card company, or other financial institution requests that you “confirm” your personal account information. Supposedly, your information has been lost, or your account is going to be closed, so it is “urgent” that you respond immediately.
- A phony email from the “fraud department” of a well-known company asks you to verify your information because they suspect you may be a victim of identity theft.
- An email may take advantage of a current event, such as the Anthem data breach, which scammers used to send phishing emails with malicious links for “free credit reporting.”
- An email claiming to be from a state lottery commission requests your banking information to deposit the “winnings” into your accounts.
- A scammer pretends to have a large sum of money and needs “someone trustworthy” to help access it. The scammer promises to share the wealth in exchange for your help – specifically, your financial information.