Phishing Protection 101
Phishing-type e-mails are designed to trick the recipient into either downloading a virus (which then gives the hacker remote control of the computer) or revealing enough information for the thief to open credit cards in the victim’s name, get into their bank account, etc.
There are many ways the crook can trick the victim. Here are telltale signs:
- The message wants you to “verify” or “confirm” your password, username or other sensitive information.
- And why must you do this? Because “suspicious activity” has been detected on your account, or, your account “is at risk for being compromised.”
- Your name may or may not be in the message. Always be suspect.
- Financial institutions will never ask you to enter your login information in an email and be suspect on a website.
- Another ploy is the subject line: There’s a sense of urgency, such as, “Your account is about to be suspended.” A business will contact you by phone or snail mail if there’s a problem.
- Even if the e-mail seems to have come from your boss at work and addresses you by name, and includes a link…realize that a hacker is capable of learning enough about someone from their LinkedIn page and Facebook to then convincingly impersonate someone they know.
Links in E-mails
- Typically there’s a link (when there’s not, there’s a malicious attachment).
- Never click links inside e-mails even if the sender seems to be your employer, health plan carrier or other enterprise you’ve done business with.
- Hover the mouse over the link. If the URL is different than what’s there, assume it’s a scam.
- Generally, only click links in emails when you have to actually click the link to verify an email address once you have just signed up for a new website.
Additional Telltale Signs
- Just weird stuff. For example, a person who edits for a living receives an unexpected e-mail explaining there’s an attachment that needs to be proofread; wow, a paying gig!
- Not so fast. The accompanying letter is very poorly constructed, including misspellings of common words, and includes very irrelevant information, such as “I’m a single mom with three wonderful kids.” Why would THIS be included in a legitimate proofreading job?
- Yet how did the scammer know you’re an editor? Because the crook’s software somehow found your e-mail on the editing gig site you registered with two years ago.
- The subject line says you’ve won something, or you’ll lose something.
- If you go to a website and don’t see your site key (if you registered with one), leave. But you shouldn’t have gone to the website in the first place!
- Always beware of emails purportedly from FedEx, UPS, Amazon, Ebay or anything in your spam folder.
Embrace the idea of deleting reams of UNREAD e-mails without having opened them. If a subject line has you worried, such as “You owe back taxes” or “Your shipment was lost,” then phone the appropriate personnel to see if this is true.
If you suspect you’ve been scammed:
- Log into whatever account might be compromised and check messages, contact customer service.
- Place a fraud alert on your credit if your SSN was exposed.
- Update your security software; run a full system scan.
- If you revealed any login information, change that account’s login data.
Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.