How to identify, prevent, and report phishing attacks
The best way to identify phishing attacks is to remain vigilant for suspicious activity and to look for secure URLs beginning with https://. Phishing attacks can be prevented by not clicking on suspicious URLs, calling vendors directly to confirm the authenticity of invoices or bills, and making sure you use an updated anti-virus and anti-malware program.
If you suspect a phishing scheme it is recommended that you delete the email and mark it as spam or report it to the FBI. Finally, when working on a work email it’s important to report phishing attacks to your IT department.
When you become a victim of a phishing attack, you lose. You lose time, money and energy.
Your entire digital life, including your financial health and online identity, can be wiped out. Everything from credit card and financial data to social media accounts and email handles can be compromised.
Consumers recently reported billions of dollars in fraud losses to the Federal Trade Commission (FTC).
FTC report data shows million-dollar losses related to online shopping and imposter scams, which can come from email and data phishing schemes.
We’re all vulnerable to social engineering attacks. The bad guys target everyone, including consumers and businesses.
They indiscriminately send thousands of sophisticated, harmful emails or spam, making it easy for criminals to gain credentials for stealing identities and financial assets.
In a fast-paced digitized world, it’s easy for us to click too fast or have too much faith in what we see on the screen. To avoid becoming a victim, learn how to spot, evade and report phishing abuse.
What is a phishing attack?
Phishing is a form of social engineering that targets humans first instead of technology. It’s a highly successful method global cyber criminals use to leverage people’s fear or emotional weak spots.
Phishing emails, also called SPAM emails, are fake emails that appear to come from a reputable source. They often lure you with offers to get something for free as bait, which inspired the term phishing.
Phishing messages mimic a trusted sender, such as your bank or internet provider, to trick you into providing confidential information, such as passwords or banking credentials.
The primary goal is to gain access to your private credentials for theft or to cause harm. More sophisticated schemes are designed to entice victims to give away sensitive information or click on harmful email links.
For example, a phishing scam may ask you to download an attachment that can infect your computer with viruses or other malware.
What are the different types of phishing attacks?
There are a variety of harmful ways cybercriminals use phishing emails to lure people into giving away sensitive information. Criminals can also create opportunities for you to provide access to your devices or networks so they can harvest your personal data for theft.
The different types of phishing attacks include:
- Spear phishing is a highly targeted attempt aimed at specific groups of people, using sophisticated-looking emails and believable URLs or links that entice people to provide essential credentials or install malware that lets attackers intrude on someone’s network.
- Smishing attacks are phishing scams delivered by SMS or text message. They typically look like a bank or utility company claiming you bought something or need to pay a bill. Smishing attackers take advantage of text messages’ lack of sender domains and branding indicators, making these attacks difficult to spot.
- Vishing, or voicemail phishing, involves predators posing as vendors or customer service representatives. They try to engage victims verbally to get them to provide sensitive information over the phone.
- Pretexting phishing scams use the ‘pretext’ of a story to lure you into making a payment or giving up sensitive information. Examples of pretexting scams include someone claiming to be IT support, a support person claiming your information has been compromised, or someone offering you an award or claiming you won a prize. Attackers take on a role to play to lead you through a scenario.
- Angler phishing techniques are associated with social media. Criminals create accounts similar to known brands and engage in public messages, appearing to be friendly, legitimate, helpful sources. For example, they can impersonate a customer service agent to engage in direct messages where they attempt to gain private information.
Knowing the types of phishing scams will help you to stay alert about protecting yourself against fraud.
How do you identify phishing attacks?
Phishing attacks can come in an array of email forms.
If you see one of these techniques, chances are it’s a phishing email. Here are some warning signs to watch for in your email inbox.
- Emails offering you something too good to be true.
- Messages with a threatening or suspicious sense of urgency, typically with misspellings or using all caps.
- Spelling errors in the domain name from where the email is sent, which can be difficult to spot. For example, a phishing scam could use a lowercase L (l) instead of a lowercase I (i) to create a fake email domain, such as bankofamerlca.com.
- Emails that use exclamation marks or all caps for an urgent call-to-action in the subject line. Reputable bank institutions typically don’t use exclamation marks or all caps in their subject line.
- Requests for you to share, confirm or verify private financial information, such as social security numbers, bank account numbers, personal addresses, phone numbers, or any other confidential information that could be used for identity theft.
- The use of a generic greeting, such as “Dear Customer,” instead of your name.
- Emails asking you to download or open an attachment.
How can you prevent phishing attacks?
Phishing emails are becoming more and more sophisticated, so they’re not always easy to spot. Even tech savvy professionals can fall prey to them.
It’s in your best interest to stay vigilant and practice the following security measures:
- Don’t click suspicious links or URLs within an email asking you to share any information that should be considered secure, especially from organizations that may store your financial information. It’s likely a phishing scam.
- Delete, report or use spam filters to block suspicious unsolicited emails asking for personal or private financial information. Even though the email may look authentic, reputable institutions never request sensitive information over email for security reasons.
- If you’re unsure whether or not an email is legitimate from a personal, financial or business vendor, call vendors directly to investigate your concerns or verify urgent requests.
- Check the true destination of a URL or link in uncertain emails to verify its legitimacy. If you hover your mouse over a link, the real URL destination will show at the bottom of your screen. However, be careful to avoid clicking the URL while hovering.
- Verify URLs by entering the link into a web browser. Look for the padlock symbol located before the URL, indicating it’s a secure link, along with the letter “s” after the http, before the colon and the forward slashes – https://.
- Utilize browsers that have anti-phishing features you can switch on to protect your computer from phishing scams.
- Never download or open an attachment from an unknown or suspicious email.
- Make sure you have updated anti-virus programs on your devices and a firewall for your networks.
- For more information about Internet fraud and tips for identifying fraudulent emails and web sites, please visit http://www.fbi.gov/scams-safety/e-scams.
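The misspelled-domain warning sign and the hover-to-see-the-real-destination tip above can also be checked automatically. The following Python is an added example, not code from the original article; the TRUSTED list, the function names and the sample message are assumptions made for illustration.

```python
import difflib
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = ["bankofamerica.com"]  # assumption: domains you really deal with

def domain_of(value):
    # Assumption: the last two host labels approximate the registered domain.
    host = urlparse(value if "://" in value else "//" + value).hostname or ""
    return ".".join(host.rstrip(".").split(".")[-2:])

def lookalike_of(value, cutoff=0.9):
    """Return the trusted domain that `value` closely imitates, else None."""
    close = difflib.get_close_matches(domain_of(value), TRUSTED, n=1, cutoff=cutoff)
    return close[0] if close and domain_of(value) not in TRUSTED else None

class Links(HTMLParser):
    """Collect [href, visible text] pairs: what hovering would reveal."""
    def __init__(self, html):
        super().__init__()
        self.found, self.in_link = [], False
        self.feed(html)
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.found.append([dict(attrs).get("href") or "", ""])
            self.in_link = True
    def handle_data(self, data):
        if self.in_link:
            self.found[-1][1] += data
    def handle_endtag(self, tag):
        self.in_link = self.in_link and tag != "a"

def check_email(raw):
    """Return warning strings for one raw single-part HTML email."""
    msg, warnings = message_from_string(raw), []
    sender = domain_of(parseaddr(msg.get("From", ""))[1])
    if lookalike_of(sender):
        warnings.append(f"sender {sender} imitates {lookalike_of(sender)}")
    for href, text in Links(msg.get_payload()).found:
        shown = domain_of(text.strip()) if "." in text and len(text.split()) == 1 else ""
        if shown and shown != domain_of(href):
            warnings.append(f"link shows {shown} but opens {domain_of(href)}")
    return warnings

# Constructed sample message (not a real email).
SAMPLE = ('From: Bank <alerts@bankofamerlca.com>\nContent-Type: text/html\n\n'
          '<a href="https://login.bankofamerlca.com/v">www.bankofamerica.com</a>')
```

Calling check_email(SAMPLE) returns one warning for the misspelled sender domain and one for the link whose visible text names a different site than its real destination.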
How do you report phishing attacks?
You can contribute to the fight against phishing schemes and spam in the following ways:
- Use the spam button in webmail to quickly and easily report phishing schemes.
- Submit spam, phishing, or fraudulent email complaints to your IT department.
- Report fraud or suspicious emails to https://reportfraud.ftc.gov/#/
Why is it important to report phishing attacks?
Phishing attacks are currently sophisticated enough that they’re impossible for email providers to completely block or prevent without disrupting the flow of useful information.
It’s a widespread headache for businesses and consumers alike.
Astound invests in the constant monitoring of phishing messages to intercept, report, or place spam fingerprints on email messages to block them. Astound reports messages to Google Safe Browsing so browsers can help reduce phishing scams.
Sophisticated phishing emails are frequent enough that too many fall through the cracks into consumers’ inboxes. Consumers must be vigilant and report, block or alert spam filters to abuse when they see it.
Taking these actions protects you and provides businesses with helpful information to prevent or mitigate their customers’ phishing and spam issues.
Social engineering attacks like phishing scams work. However, they fail when informed consumers confront suspicious messages. The most significant way to avoid phishing attacks and protect your privacy is to learn how phishing schemes work and how to recognize them. An ounce of prevention is worth a pound of cure.