A Guide to Protecting Yourself from Phishing Emails
The term “phishing” refers to fraudulent methods of obtaining personal information. There are a number of phishing methods that fraudsters employ, the most common being by email. Phishing emails are designed to look as though they come from legitimate companies (often banks and credit card companies) with the aim of tricking you into entering personal information such as:
- Online bank log-in usernames and passwords
- Personal Identification Numbers
- Social Security Numbers
Phishing emails often look very realistic at first glance. They often contain duplicated logos and links to the company’s genuine website in an attempt to convince you that the communication is legitimate. However, the link contained in the email will take you to an imitation website (known as a “pharming” website) or pop-up window, where the cyber-criminals hope you will enter your sensitive information and passwords.
You’ll often see scare tactics used with phishing emails, stating that an account will be closed unless information is updated, or that there has been unauthorized access to one of your accounts so a password change is required. High-profile websites like Amazon, PayPal, and eBay have historically been prime targets of phishing scams. Recently, however, social networks have also been targeted, with phishing emails purporting to be from Facebook, Whatsapp, Snapchat, and Instagram; these emails contain malicious links that are designed to gain access to your contacts list for spamming purposes.
Although phishing scams are thought of as a modern phenomenon, they have been occurring since the early days of the internet. There’s a reason they’re still around today: they’re big earners for criminals. Statistics indicate that over half of internet users get at least one phishing email per day; that’s over 100 billion spam emails sent around the world every day!
The Anti-Phishing Working Group estimates that around 5% of adults within the United States are tricked into responding to scam emails, costing over five hundred million dollars per year.
It’s not just individuals who are targeted; companies both large and small have also fallen prey to phishing emails, leading to huge data breaches and devastating financial consequences. Luckily there’s steps you can take to avoid being scammed. Read on for essential tips to protect yourself and your private information.
#1 Recognize common characteristics of scam emails
Phishing emails tend to share some common characteristics that can help you identify them. Look out for:
Generic greeting – If the email starts with Dear Customer or Dear Sir/Madam, this should be an immediate red flag. Most high-profile businesses will personalize emails with names and account numbers.
Poor grammar and spelling – Phishing emails often contain spelling and grammatical errors.
Alarming – Phishing emails will try to shock you into taking immediate action by telling you your account or password has been compromised, or that your account will be suspended if something isn’t done.
Unusual sender – Pay close attention to the email address that sent the email.Often the sender’s email will differ in some way from the underlying company that the email purports to be from. Never click on a link or download files or attachments from an unknown source.
A company you’ve never done business with – Phishing emails are sent to thousands of people, in the hope that a few will fall for it. As a result, the email may be asking you to reset a password for a company you have never dealt with. If so it is almost certainly a scam.
#2 Never click on an email link asking you to enter sensitive information
Always go to your bank’s website to enter information or update passwords. Don’t follow any links provided in an email – type the URL for the website you want to visit into the search bar or use a bookmark that you have previously created. Banks and other financial companies will never ask you to enter personal information through an email; they will always ask you to log in on their secure website.
#3 Exercise extreme caution with pop-up windows
Pop-up windows can appear to be part of a trusted website, but there is no way to tell if it has been maliciously installed by someone else. Never enter any personal details into a pop-up window. If one appears unexpectedly, click the cross in the top right corner to close it immediately – do not click anything else, as this can trigger the installation of malware or viruses.
#4 Check websites are secure before entering any details
Is “https://” visible in the website’s address bar with a green padlock? The “s” at the end of http means secure, and along with the padlock reassures you that information you send is protected and only visible to those meant to see it. However, these can be imitated so click on the green padlock to view the security certificate and ensure it correlates to the site you want to visit. If the name on the security certificate is different, do not enter any information and exit the site. Contact the company directly if you cannot verify this certificate.
#5 Install firewalls on your computer and ensure all anti-virus and malware protection are kept up to date
Firewalls and strong anti-virus programs are your first line of protection in the fight against phishing attacks. For maximum protection use both a network firewall and a desktop firewall. These defend your computer and network from possible intrusion. Keep all hardware, software and web browsers fully updated for maximum protection.
#6 Use your web browser to help identify fraudulent websites
Most well-known browsers have the ability to block fake websites which may be trying to extract your personal information, or infect your device with malware. It’s important to keep your browser updated, as vital security patches and bug fixes essential for keeping you safe from hackers are often contained within updates.
#7 If you have any doubts about an email, call the company in question
If you receive unsolicited emails asking you to take certain actions, call the company. They will be able to tell you whether the communication is genuine. Do not use contact numbers provided on the email; either go to the company’s website to obtain the number or use one you have previously stored.
#8 Check bank statements regularly
Check bank statements and online banking records regularly for suspicious transactions. Contact your bank immediately if you see any transactions that are unfamiliar or questionable. Your bank will be able to block any further transactions immediately.
Email phishing scams are increasingly harder to detect and can end up having long-lasting consequences for their victims. But a little knowledge, planning, and awareness will allow you to stay one step ahead of the phishers, keeping your bank account and personal information protected.
If you believe you have been the victim of financial fraud, contact a litigation firm like the Law Offices of Robert L. Hill, APC, to understand your rights and potential remedies.