At 9:30 one evening, you receive an email from your bank urging you to click on a link to verify your personal information or your account will be frozen. Frantic, you click on the link, which sends you to a page asking for your Social Security and account numbers. After filling out and submitting the information page, you notice large sums of money are being taken out of your account and your identity has been stolen.
This is an example of phishing, a social engineering cybercrime in which thieves masquerade as a trusted entity, such as a credit card company or government agency, to persuade targets into divulging usernames, passwords, banking and credit card details, and other personal information. Phishing emails can be quite easy to spot – riddled with typos, addressed to the wrong name, or from a lengthy, odd sender – or near impossible, depending on the level of sophistication of the scammer.
Email phishing is a common, criminally fraudulent tactic used to lure individuals into giving up their sensitive information, which is then used to access and clean out financial accounts or steal their identity. A recent study found that 77 percent of successful social engineering attacks started with phishing emails.1
Warning Signs
Phishing emails typically follow similar formats and include “giveaways” that could go unnoticed by an unsuspecting eye. Here are a few things to look out for to help defend against these vicious attacks:
- Suspicious Sender: If you receive an email from someone you don’t know, is outside of your organization, or you know but is out of character, it is likely spam and should be deleted and reported.
- Lavish Claims: As a general rule of thumb, if something seems too good to be true, it probably is. Emails with eye-catching, attention-grabbing copy saying you’ve won a trip, money, or other prizes are typically a dead giveaway for fraudulent activity.
- Poor Grammar: Another clear sign that an email is a scam is if there are numerous typos or misplaced words throughout the copy.
- Urgency: Many cybercriminals will say you need to respond within a few minutes to get a great deal or save your account from being suspended. Banks and other reputable sources will never ask you to divulge personal information online, so it is better to call the source directly rather than replying to a sender you’re unsure about.
- In-Email Links: Assuming a link will take you where it says is a risky move. Hover over the link to see the actual address of the hyperlink and ensure it starts with “https” before clicking.
- Attachments: Opening an attachment you were not expecting or don’t recognize could unleash ransomware or other viruses on your computer. Unless it is a .txt file, don’t open it!
Protecting Yourself from the Sharks
With every step we take to improve the ways we prevent online financial fraud, hackers are matching our stride – or are even one step ahead, waiting to strike. But, there are still things you can do to protect yourself, your company, and your wallet.
First, never offer sensitive information in an email; a trusted source will not ask you to do so or suspend your account if you don’t update your details within a short period of time, meaning that it is likely a scam. You should also consider changing your browser habits and settings to prevent fraudulent websites from opening. If you do access a website through an email link and it asks for verification, be sure to contact the company directly before giving your secure information online. Downloading spam filters on your computer and mobile devices, changing passwords on a regular basis, and hovering over an in-email link to ensure it is secure are steps to defending against phishing emails.
While we may not be able to completely prevent phishing attempts, we can prepare and plan for defense. Visit our security page for more information on avoiding email fraud and learn how APGFCU can help.