What You Need to Know About Email Phishing

You may remember from one of our previous blogs a piece of advice we gave about cyber-attacks: beware of the Phisher’s Net. Email Phishing is a type of cyber-attack where a phisher, or scammer, is trying to gather personal information using deceptive e-mails and websites by appearing to come from a legitimate source. These are vulnerable but can be sophisticated and are meant to trick the user. Not recognizing these emails can lead to access to bank accounts, fraudulent purchases on your personal accounts, or even opening new accounts in your name.

What does Email Phishing look like?

You may receive an email from a company such as Amazon, PayPal, Target, Venmo, or other retailer telling you that your account has been suspended and you need to click on the link provided to reinstate it. To those who aren’t aware of phishing, they’ll click the link and login which will result in their account being compromised and all private information lost. Others may look at the link and notice it’s not actually from Amazon, and report the sender or simply just delete the email. See phishing examples here.

Here are some tips on identifying phishing emails:

Businesses should never ask you to submit personal information via email. If they do, forward the email to the business to verify its validity, or contact them via phone or in person.
Look for phishing characteristics. Phishing messages often contain spelling, grammatical or other errors. See examples of phishing emails or check a suspicious email online at www.phishtank.com.
Exercise caution when clicking links in an e-mail. Links can be masked to direct you to a different website than the one listed. Hold your mouse over the link and look at the bottom of your browser window to see if the links match. If not, it could be a scam. When in doubt, type links directly into your address bar to be sure you are visiting the intended website.
Use a spam filter and antivirus software to minimize phishing emails. A spam filter can block many phishing emails from entering your inbox. Utilize an antivirus program to protect against unwanted files that could rob you of personal information.

Oops! I responded to a phishing email. Now what?

If you believe the scammer got information such as your Social Security, credit card, or bank account number, go to IdentityTheft.gov for specific steps to take based on the information you lost.

If you believe you clicked on a link or bad attachment that downloaded harmful software, update your computer’s security software and then run a scan.

If you get a phishing email, you should always report it. Here’s how:

Forward the email to the Anti-Phishing Working Group at reportphishing@apwg.org. Then, report it to the FTC at ftc.gov/complaint.

Just by taking a few minutes to learn about phishing and how to protect yourself, your chances of falling victim to a costly scam will be greatly minimized. Remember: always be cautious and report any phishing emails you get to help in the fight against scammers.