Published: June 23, 2022 in our Security Fraud News & Alerts Newsletter.
Since the mid-1990s, email phishing scams have been on the rise. As with most cybercrimes, hackers have improved and refined their phishing methods over time. Now, there’s been a massive increase in targets due to the continuing coronavirus epidemic. Email phishing continues to be the method of choice for many cybercriminals to get into your device and steal your data, identity, finances, and more. A study by Tessian finds that 96% of phishing attacks arrive via email, showing the threat is very real.
There are ways to prevent phishing. Just keep these 8 things in mind:
1. Red Flags Flying
Phishing emails use many tactics to grab our attention, but no matter the subject line, there are phishy mistakes that many have in common: poor grammar and bad spelling, generic greetings, and visuals like brand logos that don’t look quite right. Motivating users to open the email and act is key for hackers to succeed, so subject lines and content that tug at our heartstrings, elicit emotional reactions, demand an urgent response, or say you’ve won a contest or gift card should all raise red flags.
2. Think Before You Click
Once the email is opened, hackers urge you to download a file, open an attachment, or follow a link. If you aren’t expecting a link or attachment, suspect a red flag, or don’t absolutely know and trust the sender (you can always verify the email sender), DO NOT follow instructions to act in any way. It’s best to assume any attached or downloaded file is chock full of malware and the link is to a scam website. These can lead to ransomware, spyware, identity and financial theft, and many other kinds of malware on your device.
3. Protect Your PII
Your personally identifiable information (PII) can give a hacker the key to your identity. Never provide your Social Security number, bank and other financial details, or any other sensitive information an email asks for. Reputable companies don’t ask for these in an email, but rather send you to a secure portal or contact you via snail mail. Provide this info over a phone call only if you’re the one who initiated the call and are confident in the person on the other end of the line.
4. Truth in Websites
You can check if a business truly needs you to provide or verify PII by typing in the true website address yourself. That way you’ll know for certain if the request for your PII is for real. Always verify a website is real and trusted before moving forward. Carefully check the website spelling for odd or additional characters because they always signal a fake website. It’s always best to type the URL yourself or create bookmarks for easy access to your most used and trusted websites.
Always make passwords long and strong, use numbers and special characters, and never reuse them for other accounts, especially those used for personal, financial, and work accounts. Change those passwords periodically. Scary Stats: 65% of people reuse passwords across multiple or all accounts; the average person reuses the same password up to fourteen times; 91% say they understand the risks of password reuse across multiple accounts, but 59% admit they do it anyway.
6. Enable Authentication
Two-factor authentication (2FA) should always be used whenever possible. 2FA adds a layer of authentication to logins that verifies you are the account owner, and that it’s really you signing in and not a bad actor.
7. The Right Email Provider
Email services differ, and some are better at screening out phishing and other spam emails than others. Make sure your choice enables 2FA, offers strong phishing and spam settings, and sends alerts when phishing or spam is detected. Choose a provider that keeps your email safety a priority.
8. Look for Phishy Clues
If you suspect you’ve been caught in a phishing scam, act quickly. Check your email logs for any phishy logins and be sure to log out of the account. Check bank or credit records for any unusual activity and make sure any transfers you made went to the right account. If anything is out of order, contact your financial institution immediately. While you’re at it, change passwords and enable 2FA right away too.