As any type of fraud, phishing can be extremely damaging. We have already seen an uptick in fraudulent emails in the last month. Use these pages to find out more about phishing - what it is and what risks it poses. Don't get hooked!
What is Phishing?
Phishing refers to different types of online scams that ‘phish’ for your personal and financial information (e.g., your passwords, Social Security Number, bank account information, credit card numbers, or other personal information).
These messages claim to come from a legitimate source: a well-known software company, online payment service, bank, or other reputable institution. Some will use an organization's email address, logo, and other trademarks to fake authenticity. Phishing messages may also appear to be from a trusted friend or colleague.
Phishing messages can come from a growing number of sources, including:
- Email
- Phone calls
- Fraudulent software (e.g, anti-virus)
- Social Media messages (e.g., Facebook, Twitter)
- Advertisements
- Text messages
What is spear phishing?
More sophisticated attacks, known as spear phishing, are personalized messages from scammers posing as people or institutions that you trust. They often collect identifiable information about you from social media or the compromised account of someone you know to make their messages more convincing. Never transmit sensitive information over email or social media, even if the message requesting information appears to be legitimate.
Signs of phishing include:
- Ultimatum: An urgent warning attempts to intimidate you into responding without thinking. ‘Warning! You will lose your email permanently unless you respond within 7 days’. This has been popular recently.
- Incorrect URLs: Scammers may obscure URLs by using hyperlinks that appear to go to a reputable site. Hover your mouse over any suspicious links to view the address of the link. Illegitimate links often contain a series of numbers or unfamiliar web addresses.
- No signature or contact information: Additional contact information is not provided.
- Too good to be true offer: Messages about contests you did not enter or offers for goods or services at an unbelievable price are likely fraudulent.
- Style inconsistencies: Pop up windows that claim to be from your operating system or other software may have a different style or colors than authentic notifications. Messages that claim to be from a reputable organization may be missing branding aspects such as a logo.
- Spelling, punctuation, or grammar errors: Some messages will include mistakes.
- Attention-grabbing titles: "Clickbait" titles (e.g., "You won't believe this video!") on social media, advertisements or articles are sensationalist or attention-grabbing and sometimes lead to scams.
- Social Media Quiz: We see these plastered all over facebook. Many times these are designed to get answers to a person's password security questions. Most security questions are common and based on our location. "What was your high school mascot?" sounds like an innocent question, but can lead to gathering a lot more information about a person.
For more information, see the FTC's page about Phishing.