Discover what phishing is and the various tactics employed by cybercriminals, from email spoofing to spear phishing, and learn how to protect yourself in the digital landscape. This article explores essential security measures and steps to take if you fall victim to a phishing attack.
Phishing is a cybercrime that employs deceptive tactics to trick individuals into divulging sensitive information, such as passwords, credit card numbers or other personal data. The term "phishing" is a play on "fishing," reflecting the idea that criminals are baiting their targets, hoping to reel in valuable information.
How Phishing Works
Phishing typically involves sending fraudulent emails or messages that appear to be from reputable sources, like banks, credit card companies or well-known online services. These messages often include a compelling reason to click on a link or download an attachment, leading you to a fake website designed to steal your information.
Common Phishing Techniques
Phishing scams can happen via email, text, phone or person-to-person payment apps and often have real consequences for people who give scammers their information, including identity theft. Fraudsters often use these methods to steal your passwords, account numbers or social security numbers. If they get your information, they can gain access to your email, bank accounts and other online or mobile banking services. Or, scammers could sell your information to other scammers. Here are a few common techniques to watch out for:
Email Spoofing: Faking the sender's email address to make it seem legitimate.
Spear Phishing: Targeting specific individuals or groups with personalized messages to increase the likelihood of success.
Whaling: Focusing on high-profile targets, such as CEOs or CFOs, to gain access to highly valuable information. For this business fraud technique, a scammer will pretend to be the CEO or CFO to get targets to trust them and gain access to valuable information or funds.
Smishing and Vishing: Using SMS (smishing) or voice calls (vishing) to deceive victims.
Scammers often update their methods to keep up with the latest news or trends. A scammer might:
Say they’ve noticed some suspicious activity or log-in attempts
Claim there’s a problem with your account or your payment information
Say you need to confirm some personal or financial information
Include an invoice you don’t recognize
Ask you to click on a suspicious link to make a payment
Say you’re eligible to register for a government refund
Offer a coupon for free stuff
Banks will never ask for your PIN, password, social security number or one-time passcode.
How to Protect Yourself from Phishing
Being proactive is not just a bonus; it's a critical defense against phishing. It enables you to identify phishing scams early, safeguard your information and avoid falling victim to scams. Here’s how you can shield yourself from phishing:
Education: Learn to recognize the signs of phishing, such as poor grammar, suspicious links or unexpected requests for personal information.
Verification: Always verify the sender's email address and phone number and be wary of any unexpected or urgent requests. Never give out your PIN, password, social security number or one-time passcode. And never respond to any messages or QR codes, especially if the request is to send money to yourself or individuals you don’t know with person-to-person apps like Zelle and Venmo.
Tip: You can verify contact information safely by Googling the correct phone number and email address.
Two-Factor Authentication: Enable two-factor authentication whenever possible to add an extra layer of security to your accounts. Multifactor authentication makes it harder for scammers to log in to your accounts if they do get your username or password. Remember: Never share your authentication or one-time passcodes with anyone.
Up-to-Date Software: Keep your browsers, antivirus software and operating systems up to date to protect you against attacks.
What to Do If You Suspect a Phishing Attack
If you receive an email or a text message asking you to click on a link or open an attachment, answer this question:
Do I have an account with the company or know the person who contacted me?
If the answer is “No,” it could be a phishing scam.
If the answer is “Yes,” contact the bank or company using their real contact information from a website, statement or the back of a card — not the information from the message. Scammers may spoof or mimic a bank or company’s information to make it appear like the message is coming from a trusted contact.
If you think a scammer has your information, like your social security number, credit card or bank account number, contact us immediately at 888.769.3796. The Federal Trade Commission also offers steps you can take based on the information you lost.