How to avoid Phishing scams

Remember when all those advertisements used to come in the mail to your house?  We used to call it “junk mail” and immediately threw it away, never looking twice at it.  Now instead of being delivered to your house and placed in your mailbox, it is now being delivered electronically to your computer or mobile phone –  and it’s socially engineered to fool you!  We click or swipe out of habit and enter our username and password freely, sometimes without even thinking about it.  Read on for some tips on how to avoid phishing scams.

Scenario: You’ve just clicked on an email which directed you to a website.  You entered your email username and password into the website.  Then realized that you weren’t sure why – or who was asking for it!  Unless you act fast, someone now has access to your email account and can do what they wish with it.  You’ve just fallen prey to what’s called a Phishing Scam.

According to Wikipedia, “Phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords, or credit card details (and money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication.”

Phishing scams can not only cause financial hardship to you or your company, it can also cause hours of wasted time trying to repair the damages by your IT team.

However, there are ways in which you can help prevent falling for such scams.

• Stay Informed – Awareness is the first, and sometimes best, line of defense.  Watch out for new phishing scams by keeping up with the trends and outbreaks that are reported regularly on the news, or published in trade magazines and publications.
• Always THINK before you CLICK – Randomly clicking on links in emails is dangerous. Before doing so, always be sure the source is a trusted source.  Review the sender’s email address to be sure they are who they say the are.  Hover your mouse over the URL to be sure the links lead where they are supposed to lead.  Check for proper grammar and punctuation.  If the email doesn’t address you and is generic (Dear Customer), then it is probably fake.  Lastly, when in doubt, just ignore and delete.
• Be aware of Activity on your account (s) – Even if you don’t do a lot of online transactions, check your accounts regularly.  Make sure any activity is accounted for, and review and report any suspicious activity immediately.  Get into the habit of creating good passwords, and change them immediately if a breach has been reported.
• Keep your computer and Internet browsers up to date – Don’t ignore that security or software patch when you are alerted to update. Usually all security and software updates or patches are released due to loopholes or flaws in software that hackers have exploited. Don’t ignore the messages to update your browser.  Reboot the computer after installing if instructed to do so.
• Watch out for unsolicited pop ups – This is another way Phishing attempts are made. The pop-up is meant to look legitimate and scare or force you into entering your personal data.  Use a pop-up blocker in your browser to help avoid these types of Phishing attempts.  You can review pop-ups on a case by case basis, allowing you to pick and choose which pop-ups you want to see.
• Be sure your Antivirus definitions are up to date – Make sure your antivirus is installed and activated to help protect your computer and it’s data. New definitions are being updated constantly to safeguard you against the new threats as they are uncovered.  Add Anti-spyware or Anti-malware software as additional layers of protection.
• Keep your Personal information Private – Never share your personal information with anyone. This type of information should not be relayed via an online form, email, or any other electronic means of communications.  When in doubt, seek out a phone number or a direct contact to discuss the matter.
• Use necessary network equipment whenever possible – Firewalls are the most common network device to use to help combat intruders. Although your computer may already have a software firewall, a hardware firewall with a threat management feature used in addition will help deter any unwanted intrusions.

There are several ways to report Phishing attempts to the proper authorities.  Be sure to read all requirements necessary when filling out the online complaints.

• The Federal Trade Commission – you can file a complaint on Phishing and Identity Theft
• The FBI’s Intenet Crime Complaint Center (IC3)– accepts complaints regarding online internet crimes
• The United Stated Computer Emergency Readiness Team website – provides information and education on protecting yourself again Phishing attempts
• Google – has a forum to report Phishing websites to enable Google to help prompt save web browsing