phishing

How to Spot and Avoid Phishing Attempts

There is an old Russian proverb, popularized in this country by President Reagan, that says “trust, but verify.” This attitude may have helped end the Cold War, but it’s a dangerous one to adopt when you open your email inbox.

In an age when our lives are online, and everything is connected – our bank accounts and Facebook accounts are both connected to our email accounts, and probably all share the same password – phishing is taking over. A phishing attack is a malicious attempt to acquire personal information (passwords, banking or credit card information, Social Security Numbers, etc.) by pretending to be a person or business that a user trusts.

A phishing email (or website, for that matter) often looks almost exactly like a message you might typically receive from the entity being impersonated, but there are a few ways to spot and avoid these attempts to steal your personal information:

  • “Please verify” – Seeing these words in an email is a security red flag, if we’ve ever seen one! The core of every phishing attack is a request for information, and the most basic approach is to simply ask for it. Reputable businesses will never ask you to send sensitive information via email – don’t fall for this one!
  • Inspect the link – Unfortunately, links don’t always lead where they seem. There are basically 2 steps to link inspection:
    • The simple way to check a link is to simply hover your mouse pointer over it. When you do, the link’s destination URL will appear in the bottom left of your browser window. If the domain (example: www.ThisPartIsTheDomain.com) doesn’t exactly match what you already know (or what you’ve Googled), don’t click it!
      • If you’re using a mobile device, long-press the link with your finger until a message pops up on the screen – this should show you the link’s destination URL
    • The next level of URL inspection is to check for redirects. A URL redirect is a set of instructions that tell your computer that the destination it’s looking for is somewhere else – and you normally wouldn’t know until it’s too late! Thankfully, there are tools like Redirect Detective that will track it down, so you don’t have to risk it. Just copy and paste the link into the tool’s search box, and it’ll tell you everything you need to know about where a hyperlink goes.
  • Take the long way – If you aren’t absolutely sure you can trust a link, don’t click it! Instead of clicking a link you suspect might be dangerous, protect yourself by navigating to the site directly (or via Google). Even better, if the email is asking for information: pick up the phone and call. Not only will you be sure your information is safe, you might be able to help warn others of a dangerous phishing.

 

Phishing attacks are a serious problem – thankfully, the solution is simple, even if it isn’t always easy: when a surprise request for information lands in your inbox, just say “no.”

For more anti-phishing tips, and advice for when you think you’ve been hooked, check out “Phishing” Fraud: How to Avoid Getting Fried by Phony Phishermen by the SEC. And, don’t forget to check that link – trust no one 😉

Share this Post!

About the Author : fcomaha-admin

0 Comment

Leave a Comment