You may have heard of the term “phishing scam,” but it can be hard to know the facts around these cybercrimes and how to protect yourself.
In general, phishing scams try to trick people into giving up personal, confidential information by pretending to be a company or person they’re not. They do this to access things like online banking or email accounts, often locking the legitimate user out and wreaking havoc.
What are common phishing scams?
The most common phishing scam shows up in the form of an email that appears to come from a trusted institution or even promises a reward of some kind for participating.
Password change requests: Scammers sometimes pretend to be your bank or the very company that hosts your email address. They tell you in a very official-looking email that your security has been compromised and you need to change your password. The email could look like a routine request to change your password. Once you do, your information is theirs for the taking.
Fake prizes: Another tactic is to claim that you’ve received a prize of some kind, like a gift card or cash reward, but you need to log into a website to receive it. Again, once you log in, your information is no longer yours alone.
While most of these scams take place over email, other web-connected activities can also be susceptible, such as instant messaging, social media, or online ads.
Spear phishing: Another type of phishing is more targeted and referred to as spear phishing. In this instance, a malevolent party has learned some things about you specifically, such as the name of your employer. Then, it uses that to trick you into providing information, thinking you’re giving it to a person you know and trust.
Scammers are often very clever and do an excellent job mimicking the websites or email templates of these trusted organizations or people. It can be hard to discern what’s real, but there are some things to look out for.
How do I avoid falling victim to a phishing scam?
A certain amount of caution and skepticism is a good idea when navigating the internet and should be applied if you get any email asking for login information out of the blue.
We all forget passwords sometimes and send ourselves links to reset them. But if you receive one of these requests without initiating it yourself, you should exercise caution before you proceed. There are some warning signs to look for:
- Email address is different or looks off: If you’re getting an email from someone claiming to be someone you know, but the address is different from what you have on file or looks like it doesn’t make sense, that’s a good indication that this person isn’t who they say they are.
- Strange tone or incorrect grammar: Again, if the sender is someone you know and are usually friendly with, but the tone of the email is formal or otherwise off, it’s a red flag. The same goes for grammatical and typographical errors, especially if the person is usually diligent about their writing.
- The web address is misspelled or different from where you usually go: Phony websites that are linked directly from an email might look authentic but will have a different URL than the website you usually visit when you log in.
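- Unsecure connection: Most web browsers will warn you if a website’s connection is not secure, but an easy way to tell for yourself is to look for “https” at the beginning of the URL. If you only see “http,” you’re not on a secure site. Keep in mind that “https” only means the connection is encrypted; scam sites can use it too, so still check the web address itself.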
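The sender-address, web-address and connection checks in the list above can also be run mechanically, for example by a mail filter. The Python below is an added example, not part of the original article; the address book, trusted host list, sample message and the 0.85 similarity threshold are constructed assumptions.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed sample data: the address book, trusted sites and message are made up.
ADDRESS_BOOK = {"Example Bank": "alerts@examplebank.test"}
TRUSTED_HOSTS = {"examplebank.test", "www.examplebank.test"}

SAMPLE = """\
From: Example Bank <alerts@examp1ebank-security.test>
To: you@example.test
Subject: Your password has been compromised

Your security has been compromised. Change your password now:
http://www.examp1ebank.test/reset
"""

def looks_like(host, trusted):
    """Return the trusted host that `host` closely imitates, or None."""
    def score(good):
        return SequenceMatcher(None, host, good).ratio()
    best = max(trusted, key=score)
    return best if score(best) >= 0.85 else None  # threshold is an assumption

def check_message(raw, address_book=ADDRESS_BOOK, trusted=TRUSTED_HOSTS):
    """Return a list of warning strings for one raw email message."""
    msg = message_from_string(raw)
    warnings = []
    # Warning sign: the address differs from what you have on file.
    name, addr = parseaddr(msg.get("From", ""))
    on_file = address_book.get(name)
    if on_file and addr.lower() != on_file.lower():
        warnings.append(f"sender: {name!r} wrote from {addr}, on file is {on_file}")
    for url in re.findall(r"https?://[^\s<>\"']+", msg.get_payload()):
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        # Warning sign: the web address is misspelled or not the usual one.
        if host not in trusted:
            fake_of = looks_like(host, trusted)
            detail = f"imitates {fake_of}" if fake_of else "is not a site you usually visit"
            warnings.append(f"link: {host} {detail}")
        # Warning sign: the link uses http instead of https.
        if parts.scheme == "http":
            warnings.append(f"connection: {url} is plain http, not https")
    return warnings

if __name__ == "__main__":
    for warning in check_message(SAMPLE):
        print("WARNING", warning)
```

Tone and grammar, the second warning sign, are left to the reader; they do not reduce to a simple rule like the other three.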
What do I do if I’ve been phished?
Even with all of these precautions, it’s still possible to fall victim to a phishing scam—after all, scammers are getting more sophisticated all the time. So, if you accidentally give away sensitive information as part of a phishing scam, don’t panic. Follow these steps to try to mitigate the damage.
- Completely disconnect your computer from the internet. This will prevent you from inadvertently sending bad links to your contacts.
- Back up your computer’s information on a new USB drive.
- Change your login credentials for your accounts, but use a different computer or your phone or tablet.
- Restore your computer’s factory software and run antivirus software.
- Restore your computer from your latest backup, then re-run the antivirus program.
Phishing scams can be hard to spot and aren’t fun to deal with, but you can recognize and avoid them with the right education and a little bit of caution. Always protect your passwords and account information, and when in doubt, don’t give them out to anyone asking for them unsolicited.