How to Spot Phishing Lures
Phishing attacks, in which scammers try to trick you out of your private information or money, are one of the most prevalent threats we see today. Part of the problem is that the cybercriminals have numerous ways in which to hook you, either online, over the phone, or even in person.
In today’s busy world we are often bombarded with information and it can be hard to tell who to trust, and when to be wary. But given that online phishing attacks alone grew to over 1.2 million in 2016, costing consumers and businesses billions of dollars, it’s worth learning more about common phishing lures and how to avoid them.
The first thing you should know about phishing is that it almost always involves a form of “social engineering”, in which the scammer tries to manipulate you into trusting them for fraudulent purposes, often by pretending to be a legitimate person or business.
You can get a better idea of how this works by learning about some of the most popular scams circulating today:
- The CEO Scam—This scam appears as an email from a leader in your organization, asking for highly sensitive information like company accounts, employee salaries and Social Security numbers. The hackers “spoof”, or fake, the boss’ email address so it looks like a legitimate internal company email. That’s what makes this scam so convincing—the lure is that you want to do your job and please your boss. But keep this scam in mind if you receive an email asking for confidential or highly sensitive information, and ask the apparent sender directly whether the request is real, before responding.
- The Urgent Email Attachment—Phishing emails that try to trick you into downloading a dangerous attachment that can potentially infect your computer and steal your private information have been around for a long time. This is because they work. You’ve probably received emails asking you to download attachments confirming a package delivery, trip itinerary or prize. They might urge you to “respond immediately!” The lure here is offering you something you want, and invoking a sense of urgency to get you to click.
- The “Lucky” Phone Call—How fortunate! You’ve won a free gift, an exclusive service, or a great deal on a trip to Las Vegas. Just remember, whatever “limited time offer” you’re being sold, it’s probably a phishing scam designed to get you to give up your credit card number or identity information. The lure here is something free or exciting at what appears to be little or no cost to you.
- The Romance Scam—This one can happen completely online, over the phone, or in person once contact is established. But the romance scam always starts with someone supposedly looking for love. The scammer often puts a phony ad online, or poses as a friend-of-a-friend on social media and contacts you directly. But what starts as the promise of love or partnership, often leads to requests for money or pricey gifts. The scammer will sometimes spin a hardship story, saying they need to borrow money to come visit you or pay their phone bill so they can stay in touch. The lure here is simple—love and acceptance.
- The Mobile Phish—Our heavy use of mobile devices have given scammers yet another avenue of attack. They may distribute fake mobile apps that secretly gather your personal information in the background, or they could send phony text messages, inviting you to click on a dangerous link. Either way, you may be misled by a false sense of trust in who has access to your mobile device. In this case, you may be lured by the convenience of an app, or expediency of a message.
Here are some more smart ways not to get hooked:
- Be wary of anyone who asks for more information than they need, even if you are talking to a company or bank you do business with.
- When responding to a message, first check to see if you recognize the sender’s name and email address.
- Before clicking on a link, hover over it to see if the URL address looks legitimate.
- Before logging into an online account, make sure the web address is correct. Phishers often forge legitimate websites, like online storage accounts, hoping to trick you into entering your login details.
- Avoid “free” offers, or deals that sound too good to be true. They probably are.
- Always use comprehensive security software to protect your devices and information from malware and other threats that might result from a phishing scam.