Phishing is not new, but the tactics of fraudsters continue to evolve with technology. Personal data, such as usernames, passwords and account information remain at risk. When an attacker attempts to solicit sensitive information or money by posing as a trustworthy source via electronic communication, you become a potential victim of phishing.
Recent Phishing Scams
The tactics continue to change, making phishing a difficult crime to keep up with from a user perspective. One marker of scams is to reference, or play off of, recent breaches or events. This tactic often promotes the perception of legitimacy and feeds on the fear created by current events. A few of the recent phishing trends include:
- ID Expirations: These are texts claiming a phone ID has expired and the user is asked for his or her username and password; the phone’s owner is urged to confirm personal details before the contract is terminated.
- Tax Scams: The just finished tax season brought an onslaught of tax scams. Emails suggested to recipients that tax fraud occurred and that account verification was needed using the last four numbers of the Social Security Number.
- Death Threats: As horrible as it sounds, emails circulate warning recipients that they are targeted under a contract killing. Money will stave off the hitman, but not until after emptying the victim’s bank account. The victim is cautioned not to contact police.
- Bank Texts: Texts from “banks” that look legitimate ask users to visit a website. However, the bogus site then requires sensitive information to “verify” accounts. Other emails might request a return call to clear bank account issues; the callback number then routes to a fraudulent line.
Prevention is the key to stopping victimization of electronic communication users. If the fraudsters’ attempts prove unfruitful, the behavior will diminish. Areas of prevention include:
- Making people aware of scams, as well as teaching them how to recognize and deal with them
- Encouraging safe practices by modifying browsing habits, avoiding hyperlinks, and heading directly to the intended site by typing the web address into the browser
- Employing anti-phishing measures as features of browsers and software
Currently, however, the problems continue to grow. Although listing and staying current with all of the phishing scams might seem impossible, warning signs for detecting malicious intent exist. Be suspicious of:
- Requests for personal or sensitive information in response to email or text
- Requests for money
- Links or attachments in emails from unknown sources
- Links in any email source
- Emails from a familiar source that contain no personal information
Finally, be aware that even if all looks right, it might not be right. Attention to detail is crucial.
How To Protect Yourself
Be in the know! Educating yourself provides the greatest protection against victimization in the broad realm of phishing.
Know the Lingo
Often scam detection requires only one cautious read of an email or text. Discrepancies in the text can be bypassed due to curiosity piqued by the email. Look out for the following clues:
- Misspelled words and poor, even outright bad, grammar (Even one error should alert readers, especially if the source is a reputable business.)
- Rambling sentences or sentences that make no sense
- Wrong or suspicious factual information
- Lack of a personal greeting or reference (Often phishing correspondences begin with a generic greeting such as “Dear account holder” or “Good news dear.”)
- Flowery or stilted language
- Foreign language or character use
- Purposefully jumbled words (Intentionally scrambling words sets emails up to bypass spam filters!)
- Use of all capital letters, at least in parts of the message
- Typical scam words, for example “processing fee,” “tax” or “customs”
- Word choices that draw curiosity, for example, “confidential” or that evoke urgency, even panic, such as “deadline,” “act now” or “termination.”
Know the Face of a Good Email
Emails from allegedly prominent organizations and businesses might contain some personal reference such as your username or partial account number. The IRS, banks and credit card companies do not send emails or texts, nor to they contact through social media requesting money or sensitive information.
Suspicious emails purportedly from the IRS or associated agencies such as Electronic Federal Tax Payment System (EFTPS) require reporting to firstname.lastname@example.org. The same holds true for banks and credit card companies. Contact the institution directly to question or report suspicious correspondence.
Especially beware of emails claiming to be from Western Union, Moneygram or other big businesses such as Gmail and Hotmail. While the companies themselves are legitimate, they do not use addresses to solicit money or purchases in this way.
Know Where You Are Headed
Awareness with each click of the mouse protects users. Check the link destination before clicking. Shortened or slight misspellings in URLs indicate a misdirect to a potentially dangerous site. Hover your cursor over a link and the target appears at the bottom left of the screen.
Still, be cautious and avoid unfamiliar links; be watchful as you click around a browser. Not all browsers allow for verifying link destinations and some phishing tactics override this option.
The takeaway? Be educated. Global Learning Systems provides classes and products to arm yourself against phishing attacks.