Phishing Emails: Get Hooked and You Could Lose a Lot More Than You Bargained For
You get these emails all the time, from people you know and some you do not – asking you to act fast before your access is lost, or there is an urgent request of you! What could be the harm in responding to them or even just opening the message?
These types of emails are called “phishing” emails and they are all about deceiving the recipient. They are a type of cyber threat in which an attacker sends a malicious e-mail that appears to be from a reputable company or person. These e-mails try to get the receiver to:
- Click on a link
- Open an attachment
- Reply with sensitive information
If you do any of the above actions, you could potentially grant an attacker unauthorized access to your network or sensitive information.
According to the 2017 Verizon Data Breach Investigations Report, phishing e-mails account for about 90% of all cyber-attacks. To better protect your information against cyber threats, it’s crucial to understand the signs of a phishing e-mail.
Signs of a phishing e-mail
- Unexpected requests. If you receive a request out of the blue—one that you don’t regularly handle—it’s likely to be a phishing e-mail.
- Urgency. Most phishing e-mails prompt recipients for action ASAP; that way, there’s not enough time to process what they’re reading and doubt its veracity.
- Poor grammar, spelling, or syntax. Typos and strange syntax are common features of malicious e-mails.
- The hover-over link doesn’t match. If you hover your mouse icon over a link within an e-mail and the URL doesn’t match the description of the link, it might be a malicious website. Do not click it.
- Asking for sensitive information. Phishing e-mails often ask you to “verify” your credit card number, social security number, or account password. Never share sensitive information through unencrypted e-mail.
What to do
- Do not investigate unfamiliar links. If the e-mail concerns an online account that you log into regularly, simply open up a new browser window yourself and log in as normal.
- Delete the e-mail. Do not forward suspected phishing e-mails to anyone. Although reporting phishing e-mails seems helpful, forwarding them increases the chances that a malicious link will be clicked.
- Call the sender. If you’re unsure, verify the e-mail’s veracity with the sender. Don’t use a number provided from the e-mail because it could be fake. If you don’t know the legitimate number, try researching the official website of the business or individual.
- Keep Your Browser Up to Date. Security patches are released for popular browsers all the time. They are released in response to the security loopholes that phishers and other hackers inevitably discover and exploit. If you typically ignore messages about updating your browsers, stop. The minute an update is available, download and install it.
- Use Firewalls. High-quality firewalls act as buffers between you, your computer and outside intruders. You should use two different kinds: a desktop firewall and a network firewall. The first option is a type of software, and the second option is a type of hardware. When used together, they drastically reduce the odds of hackers and phishers infiltrating your computer or your network.
Keep in mind that phishing scams are not just restricted to emails, but can also present themselves as text messages with links embedded, social media posts and advertisements. Always, always think twice before clicking!
Presented by Chaunté Stallworth