Recognize

When it comes to identifying phishing attempts, there are a few important things to learn. Scammers are constantly switching tactics and creating new ways to trick email recipients. Upon receiving a possible phishing email, check the domain of the sender's email address. If you have received an email from the person before, check to make sure alterations have not been made to the spelling of the name or email domain. Many scammers adjust a number or letter in the email address to trick the recipient. Real companies will not ask you for sensitive information over email. Most legitimate companies will call you by your name in the email, redirect you to a secure webpage, and ask you to log in before asking for or updating sensitive information.
Protect

Install proper security measures on your personal computer. While spam filters attempt to sort legitimate emails in your inbox, cybercriminals try new methods to slip through the cracks and outsmart this system. If your email account or other websites offer a multi-step authentication option to prove your identity before accessing your information, always take advantage of this. Take any extra opportunities to better secure your data and ensure it cannot fall into the wrong hands. In cases where you are unsure about the legitimacy of a message and files or hyperlinks are included, do not click on or open them. These often contain malicious software that attacks your computer and gains access to information.
Report

If you believe you are dealing with a phishing scam, contact the company using an email address or phone number you know to be real. The company can confirm whether the email was truly sent by them. If you have received a phishing email, forward it to the Anti-Phishing Working Group at firstname.lastname@example.org. You may also report the phishing attack to the FTC at ftc.gov/complaint.

For your business technology needs, WesTec Services is here to provide the security and support you need. Contact us by phone at (713) 682-4000 or by email at email@example.com to discuss what we can do for you.
What is Phishing?

Here’s an analogy to better understand: Imagine a fisherman baiting a hook and tossing it into a lake in hopes of getting a bite. If a fish bites, the fisherman reels it in. But, if it doesn’t, the fisherman fails and the fish keeps swimming. Phishing is the same way. A cybercriminal can only gain access to your accounts or information if you fall for the bait. For example, a hacker might design an email disguised as your bank telling you your account has been compromised. They ask you to click on a link to verify your identity. If you click on the link and fill out the information, you have now provided them with the information to access your finances.
Types of Phishing

Hackers attempt to get victims to do one of two things to get what they want. Some cybercriminals try to trick you into giving up your information. This is similar to the bank example above. Other hackers prefer to have you download malware. These emails usually include an attachment to download, often a .zip file or Microsoft document, embedded with malicious code.
How to Prevent Phishing Attacks

If you know how to spot a phishing attempt, you can avoid compromising your data and report it to the Federal Trade Commission. Here are the steps you can follow to confirm the identity of an email sender:
- Always check the spelling of URLs in email links before you click
- Watch out for URL redirects, where hackers send you to a different website with an identical design
- If you receive a suspicious email from a source you know, contact them with a new email, rather than replying
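
The spelling check described above, for both sender addresses and link URLs, can be automated. The following Python is an added example, not code from this page or from WesTec; the trusted-domain list, the edit threshold, the sample addresses and all function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed allow-list (assumption): the domains you really deal with.
TRUSTED = {"examplebank.com", "example.org"}
# Digit-for-letter swaps commonly used to imitate a name.
SWAPS = str.maketrans("01357", "olest")
MAX_EDITS = 2  # assumption: covers one swapped, dropped or transposed letter


def domain_of(value: str) -> str:
    """Host part of an email address or URL, lower-cased."""
    value = value.strip().lower()
    if "://" in value:
        return urlsplit(value).hostname or ""
    return value.rsplit("@", 1)[-1].strip("<> ")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(value: str, trusted=TRUSTED) -> str:
    """Return 'trusted', 'lookalike:<imitated domain>' or 'unknown'."""
    host = domain_of(value)
    if host in trusted or any(host.endswith("." + t) for t in trusted):
        return "trusted"
    norm = host.translate(SWAPS)
    for t in sorted(trusted):
        near = edit_distance(norm, t.translate(SWAPS)) <= MAX_EDITS
        embedded = t in host  # trusted name used as a prefix or label elsewhere
        if near or embedded:
            return f"lookalike:{t}"
    return "unknown"


if __name__ == "__main__":
    for sample in (  # constructed samples
        "alerts@examplebank.com",
        "Support <alerts@examp1ebank.com>",
        "https://examplebank.com.verify.example.net/login",
    ):
        print(sample, "->", classify(sample))
```

A result of `unknown` only means the domain does not resemble anything on the list; it is not a sign that the message is safe.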