Phishing Scams and How to Avoid Them | Cyber-Security Awareness
October is Cyber-Security Awareness Month! Take this opportunity to review and improve practices around issues of online security.
What is a phishing scam?
“Phishing scams work by tricking you into clicking on a link or attachment that either infects your machine with malware or takes you to a page that looks totally legit, but isn’t and is designed to steal your private information” (Wired, 2017). Wired magazine shared this article on how to identify and avoid phishing schemes. https://www.wired.com/2017/03/phishing-scams-fool-even-tech-nerds-heres-avoid
Phishing.Org is dedicated to educating web users about the risks of phishing scams. They define phishing as “a cybercrime in which a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords.”
Tips to Avoid Phishing Scams
- When you are unsure about the validity of an email, trust your gut. If something seems off, it probably is.
- Scrutinize your emails-Is the sender a legitimate address? Is the message from someone you know?
- Report any suspicious emails to your IT department so they can look for a trend or possible widespread scam
- Hover over links that you are unsure of before clicking on them. Do they lead where they are supposed to lead?
- Before submitting any information on a website, make sure the site’s URL begins with “https” and there should be a closed lock icon near the address bar. Check for the site’s security certificate as well.
- Never download files from suspicious emails or websites.
- Be Wary of Pop-Ups – Pop-up windows often masquerade as legitimate components of a website. All too often, though, they are phishing attempts.
You can find more tips on how to avoid email and website phishing scams from Phishing.Org. http://www.phishing.org/10-ways-to-avoid-phishing-scams
Spear phishing is a type of attack that appears to come from someone you know. Learn more about spear phishing here.