Phishing is a fraudulent attempt to get your personal information through messages that pretend to come from a credible source or website but are actually sent by malicious hackers. While phishing usually occurs over email, theft of information can also happen through text messages, phone calls, and in person. Here are the warning signs to look out for to protect yourself:
- Messages from co-workers, family members, or friends asking for personal information or money that use language that is out of the ordinary for that person
- Messages that create a sense of urgency for you to reply with personal or financial information or make a payment
- Messages that are followed up by a phone call or email to request information or have you perform some action such as opening an attachment
- Website addresses that are spelled differently from the real one. Be sure to look at each letter in the website address carefully; the letter “i” can be mistaken for a lowercase “L” and vice versa, and two letter “v”s placed next to one another can look like a “w”
- Websites that ask for your personal information and don’t have https:// or a padlock in the address bar; fraudsters have been known to place images of padlocks in the page content to make people think the site is secure
- Generic greetings that don’t include your name. Some examples are Sir, Madame, Customer, and Valued Customer
- Spelling and/or grammatical errors
- A reply-to address that doesn’t match the company in the message
What if you suspect the message is fraudulent?
- If you receive an account notice via email from one of your service providers (bank, telephone, cable, etc.) and you have a gut feeling the warning or issue may be legitimate, use a phone to call and talk to an account rep – don’t click on the links in the email
- Never click on a link in an email to change your password. If you do want to change your password, go directly to the website and change it there
- Realize that most companies will not simply send you an email if you have account issues. For example, if your credit card company suspects unauthorized usage, they are going to call you – not send an email
- Be sure to look closely at the URL they are pointing you to. Hover over the link to make sure the real business domain is used. Note that http://accounts.bigbank.com could be a legitimate site whereas http://accounts-bigbank.com could be a phishing site
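The link check described above (real business domain versus a look-alike spelling), as an added Python example that is not part of the original article. The trusted-domain list, the function names, and the extra digit and "rn" swaps are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the domains you really do business with (constructed sample list).
TRUSTED_DOMAINS = {"bigbank.com"}

# Look-alike swaps: "vv"/"w" and "i"/"l" come from the article; the digit and
# "rn" swaps are added here as other common substitutions.
LOOKALIKES = (("vv", "w"), ("rn", "m"), ("0", "o"), ("1", "l"), ("i", "l"))


def skeleton(name):
    """Collapse visually confusable characters so look-alike names compare equal."""
    name = name.lower()
    for fake, real in LOOKALIKES:
        name = name.replace(fake, real)
    return name


def classify_link(url, trusted=TRUSTED_DOMAINS):
    """Return 'trusted', 'lookalike', 'unknown' or 'no-host' for a link target."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    if not host:
        return "no-host"
    # Trusted only if the host IS the domain or a true subdomain of it
    # (dot boundary): accounts.bigbank.com yes, accounts-bigbank.com no.
    if any(host == d or host.endswith("." + d) for d in trusted):
        return "trusted"
    # Otherwise, a host that merely contains the brand name (or a look-alike
    # spelling of it) is imitating the real site.
    for d in trusted:
        brand = d.split(".")[0]
        if skeleton(brand) in skeleton(host):
            return "lookalike"
    return "unknown"


if __name__ == "__main__":
    for link in (  # constructed sample links
        "http://accounts.bigbank.com/login",
        "http://accounts-bigbank.com/login",
        "http://www.bigbank.com.example.net/",
        "http://www.b1gbank.com/",
    ):
        print(f"{classify_link(link):10} {link}")
```

A result of "unknown" only means the link does not imitate a listed domain; it is still not a trusted destination.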
What do you do if you think you are a victim?
- If you believe you might have revealed sensitive information about your organization, report it to the appropriate people within the organization, including network administrators. They can be alert for any suspicious or unusual activity.
- If you believe your financial accounts may be compromised, contact your financial institution immediately and close any accounts that may have been compromised. Watch for any unexplainable charges to your account.
- Immediately change any passwords you might have revealed. If you used the same password for multiple resources, make sure to change it for each account, and do not use that password in the future.
- Watch for other signs of identity theft (see Preventing and Responding to Identity Theft for more information).
- Consider reporting the attack to the police, and file a report with the Federal Trade Commission (http://www.ftc.gov/).