See Something Fishy? Don’t Take the Bait
Phishing is one of the most common cybersecurity tactics. It’s simple, effective, and not just for Nigerian princes anymore. People are more cyber-savvy than ever before, and cybercriminals have evolved as well, developing more sophisticated methods of phishing for personal information. Today’s phishing emails are often disguised as communication from a reputable company or organization, or even from someone in your contact list. The goal of these email messages is a simple one – collect sensitive information from the recipient that will later be used for malicious purposes. Watch for these telltale signs of phishing and stop would-be cybercriminals in their tracks.
Spoofed “from” addresses
Criminals often use a method called spoofing to mask the sender’s address, making it look like the email was sent by a trustworthy source. The next time you receive an email, use your mouse to hover over the “from” address. Is it what you expected? For example, if you receive an email from Southeast Financial, check to be sure the address in the “from” field ends with “@southeastfinancial.org.” If it doesn’t match exactly, it’s most likely phishing. Don’t take the bait!
Spelling and grammatical errors
We all make mistakes, but if you receive an email with multiple spelling and grammatical errors from what appears to be a reputable source, it just might be a phishing attempt. In these situations, the best course of action is to simply delete the email without providing any information, clicking links, or downloading attachments.
Requests for personal information
If you wouldn’t give your credit card number to a stranger on the street, don’t share it with the stranger who requests it by email. No reputable company should ask you to provide sensitive information like account numbers and social security numbers by email. If they do, don’t take the bait! Protect your information by contacting the company directly using a published telephone number or searching for their public website online.
Your credit card information needs to be updated. Your password is about to expire. Your account needs to be confirmed. Messages like these often direct you to click on a link in the body of the email to update your information. While it’s possible that the email is legitimate, it’s better to be safe than sorry when it comes to potential phishing attacks. Hover over the link to see the actual link address. Better yet, avoid unsolicited links altogether and contact the person or company directly for information about the request.
Even if everything looks legitimate, if something feels “off,” don’t take the bait. For example, if you didn’t buy a lottery ticket, don’t trust an email with instructions for claiming your prize. Trust your gut instead.