When criminals go phishing, you don't have to take the bait

Phishing is when criminals use fake emails or texts that seem to be from companies or people you know. But they’re actually from scammers that are trying to lure you into responding or clicking links and handing over your personal information (like a password) so that they can steal your money or identity, or even get access to your computer. It’s easy to avoid a scam email or text, but only
once you know what to look for.

See it so you don’t click it.

Scammers will often use familiar company names or pretend to be someone you know. They’ll ask you to click on a link or give passwords to bank account numbers. If you click on the link, they can install programs that lock you out of your computer and can steal your personal information. Here are
some more quick tips on how to clearly spot a fake phishing email:

·         Contains an offer that’s too good to be true

·         Language that’s urgent, alarming or threatening – act now or something bad will happen

·         Poorly-crafted writing with misspellings and bad grammar

·         Greetings that are ambiguous or very generic

·         Requests to send personal information

·         Urgency to click on an unfamiliar hyperlink or attachment

·         Strange or abrupt business requests

·         Sender’s email address doesn’t match the company it’s from

·         You don’t have accounts with the company

Avoid the Hook

Some phishing schemes are sophisticated and look very real, so always check it out before acting. Look up the website or phone number for the company or person who’s contacting you. Call that company or person directly using a number that you know to be correct, not the number in the email or text. Are they asking you to click a link? Hover over the link with your mouse to see the URL of the link. Does it go to the expected site, or some unusual website that you don’t recognize? Don’t click anything in a suspicious email or text.

Protect Yourself

Keep your computer security up to date and back up your data often. Consider multi-factor authentication – a second step to verify who you are – for accounts that support it. Change any compromised passwords right away and don’t re-use passwords across accounts.

Oh no! I see a phishing email. What do I do?

Don’t worry, you’ve already done the hard part which is recognizing that an email or text is fake and part of a criminal’s phishing expedition. Do not click on any links or respond to the text in any way. If you’re at work and the email came to your work email address, report it to your IT manager or security immediately. Forward phishing emails to spam@uce.gov and reportphishing@apwg.org. You may also report it to the FTC at ftc.gov/complaint.

Source: ftc.gov, staysafeonline.org