By now, you’ve probably seen an example or two of a phishing attempt. Maybe it was an e-mail message that asked you to quickly follow a mysterious URL to “verify your account” or “confirm billing information.” Once you have clicked on the link or supplied personal information, the phisher is able to access your accounts. Once the phisher has access to this information, your chances of becoming a victim of identity theft triple. A phishing phone call may appear to be from a familiar source, a highly recognizable business or a survey conductor attempting to gain personal and financial information.
Recent reports cite phishing (one of the oldest computer scams) as still one of the fastest-growing forms of fraud, and one of the most successful. As consumers and employees, it’s important to be able to identify a phishing scam to protect not only our personal and financial data, but also the company data we can access.
Below is a list of general rules to help you avoid phishing scams:
- Be cautious when opening emails that manipulate you emotionally. Phishers understand human psychology and will use all sorts of tricks to get you to open or respond to emails. A promise of free gifts, a warning that your account has been suspended, or even an urgent security warning that seems to come from your computer technician should all be suspect if they ask for inappropriate information (like your Social Security number or usernames and passwords).
- Never respond to emails that request personal or financial information. Your bank or your employer will never ask you for bank account details, Social Security number or passwords by email. The email requesting this information may look absolutely legitimate – it can have the right logo, even the right design and typeface, of a reputable company – or it may even seem to be from someone you personally know and trust. Still, always delete these without replying or taking any action. If ever in doubt, call the bank or the person the email is supposedly from to verify that they sent it.
- Never go to your bank’s or a vendor’s website by clicking on a link included in an email. Do not click on hyperlinks or links attached in emails, as they could take you to fraudulent websites that lure you into “logging in” to your bank or other high-value e-commerce account. These fraudulent websites might look absolutely genuine, but what you are really doing is handing over the keys to your accounts to criminals. Type the URL directly into your browser whenever you want to visit a financial or e-commerce website.
- Check that the websites you visit are secure. If the websites you visit are on secure servers, their addresses should start with https:// (the “s” stands for “security”) rather than the usual http://. Never enter personal or financial information except into an https web page.
- Keep your computer secure. Phishing emails often contain spyware and keyloggers (programs that can record your keystrokes and what you do online) or create a back door to allow attackers into your computer. Make sure you have antivirus software and that it’s up to date to catch these malicious programs before they can do harm.
At CenturyLink, we encourage customers to be aware of and to report suspicious activity to firstname.lastname@example.org. Read the full article originally published on our Bright Ideas blog “Five Tips to Avoid Falling for Phishing Tricks.”