Phishing is a term used to describe several very effective methods of stealing personal information online. It’s called phishing because criminals use electronic bait to hook a fish/victim and reel them in.
Phishing targets may be contacted in a variety of ways, including email, phone calls, or text messages by someone posing as a legitimate company to lure people into giving out personal information like bank and credit card details and passwords.
For example, criminals may trick you into opening up a malicious email attachment by putting a compelling message in the subject line like:
- photos you have to see to believe
- your bank needs additional information
- Suspicious activity has been detected on your account
- Invoice past due
- Are you available
- You must confirm your account
When the victim opens the attachment, it installs malware on their computer which gives the hacker access to their computer or network.
Many email systems now block out a lot of the malicious email attachments, so criminals sometimes use malicious links in their emails that direct a victim to an infected web page instead.
Most people just automatically click on links without thinking about it, and this makes the technique quite effective.
Just becoming aware of how these criminal operate will help you be safer online. So your first and best defense is to be aware. Be suspicious and treat any message from someone you don’t know as highly suspect.
Any email program will show you the destination of a hyperlink if you mouse over it without clicking. This can help you spot suspicious links. If the visible link and the underlying destination don’t match exactly, don’t click it!
Check the URL, aka the name of the website you’re visiting. Phishers constantly put up websites using the almost identical spelling of a legitimate website so victims think they’re safe.
Never open attachments from people you don’t know, and if you receive a request for information that seems strange or a little too personal, visit the website directly via your browser or call the company on the phone. But never use the phone numbers supplied in the email you receive.
Also very popular with criminals is the old fashioned phone call. Many of my customers are reporting that they receive numerous phone calls from people who pretend to be Microsoft, power companies, IRS, banks, and many other legitimate companies. None of these companies would ever call a customer and ask for personal information over the phone. Just hang up!
Last but not least, malicious text messages are also on the rise. The criminals will text you with a link requesting personal information from your bank, etc… Never follow these links.
No one will ever be completely safe from hackers online but becoming more aware of how these scams work will go a long way toward keeping you safe.