October is #CybersecurityAwarenessMonth! We are a proud partner with CISA (Cybersecurity & Infrastructure Security Agency) and the Secure Our World campaign. We will be sharing what you can do to keep our world more secure.
The second topic this month will be: Phishing Scams and How to Avoid Them with Three Simple Tips.
Your first thought may be…what is Phishing?
Phishing is a type of cyber-crime in which criminals use emails, text messages, or social media (Facebook, Twitter, Instagram and TikTok to name a few) to trick you into interacting with what may look to be legitimate correspondence. This correspondence may download malware to your computer, or may be designed to steal sensitive information such as account numbers, passwords, social security numbers, credit card numbers, bank account information, usernames and any other information that they can use.
Once they have this information…they could get access to your email, bank, or other accounts. They may even sell this information to other scammers.
With this in mind…we have put together three tips to help you avoid Phishing Scams.
One—Recognize the Common Signs:
>>>It comes across as threatening or with a sense of urgency.
Phishing emails often use urgency and fear to manipulate recipients into taking quick actions without thinking. Be cautious of subject lines and messages that create a sense of urgency, such as “Your account will be suspended” or “Immediate action required.” Legitimate organizations usually communicate important matters professionally and do not rely on threats to elicit a response.
>>>Inconsistencies with the email address:
Another way to spot a possible phishing attempt is to take a closer look at the sender's email address, the link text, and the domain name. Cross-reference the email address and see whether or not it matches the brand or company it claims to be from. You should also hover your cursor over the URL link and see if there are any inconsistencies in the domain name. Remember, the difference could be something as minor as a single letter.
>>>Grammatical or Spelling Errors.
You may not be aware of it, but grammatical issues serve as a common indicator of phishing attempts. Look for signs like bad spelling, wrong word choices, and poor overall grammar as a sign of a phishing email. It is the main reason most companies have activated the spell-check feature for all outgoing emails.
>>>Self-Initiated Conversation.
If the conversation in the email is self-initiated, assume it may be a phishing attempt. In layman’s terms, if you haven’t started the conversation, and the sender takes for granted that you have, there is a high probability of a phishing scam. So, if you notice suspicious marketing updates and material that you have not requested or asked for, flag it as a suspicious email and delete it later on.
>>>Requests to send personal or financial information.
If a message makes an unrealistic demand or request and comes with a shady background, link, domain name, or attached file, assume it is a malicious attack.
>>>Suspicious links.
Hover over links before clicking on them to reveal the actual URL. Phishing emails may display a link that appears legitimate but redirects you to a malicious website. These sites often mimic official pages, tricking users into entering sensitive information. Always verify links’ authenticity and avoid clicking on them if they seem suspicious.
Two—Resist and Report:
Report it. Mark as SPAM. Forward phishing emails to reportphishing@apwg.org (an address used by the Anti-Phishing Working Group, which includes ISPs, security vendors, financial institutions, and law enforcement agencies).
And if the phishing correspondence claims to come from a legitimate company…forward the correspondence to that particular company, advising them so they can look further into what is happening.
Three—Delete:
Do not reply or click on any link or attachment…this includes the “Unsubscribe” link. Do not initiate any type of conversation with the correspondence. Just hit the DELETE button.
Final Note:
If the correspondence you receive is suspicious in any way…do not interact with it. Do not click any link, open any attachment, or call any number. Go directly to the source to see if they have sent you any notifications that require your review.
>>>Let’s say you receive an email that appears to be from PayPal. Open a browser, navigate to the PayPal site and log in to your account. If the email was legitimate…there would be some type of notification in your account. If you don’t have an account with PayPal…the correspondence you received is most likely malicious and should be marked as SPAM and deleted.
>>>If it appears to be from someone you know but appears suspicious in any way…CALL that person at a known good number to see if they sent the correspondence.
If you have any questions about the topic of Phishing Scams and How to Avoid Them with Three Simple Tips OR with any other computer-related issues you may be having…just stop by our CONTACT US page and we’ll be more than happy to help you out.
If you would like to keep a copy of this Cybersecurity Newsletter…here is a link to open, download and print it out.