Phishing is the act of baiting computer users into revealing confidential information through deceptively important-looking emails, websites and other electronic communications. These messages appear to be trustworthy and may urgently ask you to enter a password in order to supposedly keep an account from being blocked or another time-sensitive action from occurring.
But, don't be fooled: Phishing is a constantly evolving form of Internet fraud. If you quickly send your personal information, thinking you must do so or face consequences, you've been victimized.
When it comes to phishing emails, there are two kinds to watch out for: those from complete strangers, and those that appear to be from a person or a business you know.
Be wary if you receive communications from someone you don't know, and be especially cautious about revealing any personal information to such a sender.
You may be asking yourself, "Why would I ever send information to a stranger over the Internet?" The answer is that Internet scam artists can be crafty. For example, you might receive an email purporting to be from another country's lottery organization, saying, "You've won $5 million! All you have to do is click the link below within 24 hours, submit your Social Security number, bank account information and address, and the money will be deposited into your account!"
When it comes to emails from strangers, the old adage often applies: If it sounds too good to be true, it probably is.
In some cases, you may receive an unusual request that looks like it's from a friend or from a company with which you do business. Your friend or trusted company may have been a victim of email hacking, meaning someone illicitly accessed their email account and sent unauthorized emails. Or, they may be a victim of "spoofing," a practice in which scam artists send emails that are doctored to appear as though they come from a trusted source.
These emails often try to prey on your emotions and create a sense of urgency in the hope that you'll let your guard down. For example, an email appearing to be from your bank may claim your account is overdrawn, and if you don't follow a link in the email and take action, you'll be assessed a fee.
Note that banks and other trusted institutions won't ask for your sensitive personal information via email. If you receive a suspicious email, contact your bank directly via its official website or phone number to verify whether the email is authentic or to report a phishing attempt.
In another type of scam, you could receive an email that appears to be from a family member. The email urgently asks you to transfer money to a bank account, claiming your loved one is in some sort of trouble. If your urgent email is from a friend or loved one, don't take any action on the computer. Call the person directly.
There are a few characteristics that can tip you off that an email is a phishing scam:
- Requests for sensitive personal information. Reputable institutions will never ask for any sensitive personal information by email.
- Expressions of urgency or immediate requests for action. Scammers want you to act before you think, so they create a sense of urgency and a fear of consequences. Don't fall for it.
- Spelling or grammatical errors. Many phishing scammers are from outside the U.S., so their English may not be perfect. Misspelled words, misused pronouns and other errors can be a sign of phishing.
What should you do if you suspect you've received a phishing email? How can you protect yourself?
- Never email sensitive personal or financial information. OnGuardOnline.gov says email is just not a secure way to send information.
- Use updated anti-virus software. Software with an anti-phishing filter can help prevent these emails from ever reaching your inbox.
- Don't click any links in a suspected phishing email. Stop and check the web address first by hovering your cursor over the link. Never simply click on a link, as even this act can invite malware, or malicious software, into your system. Look at the URL carefully. Fraudulent web addresses often substitute extra words or dots where the real URL doesnâ€™t have them.
- Contact the purported sender directly. If the email claims to come from your bank or another trusted company, go to that organization's official website directly by typing the URL into your browser's address bar. If the email claims to be from someone you know, call that person directly.
- Never type personal information or passwords into a website unless you typed in the company's web address directly. You should also look for signals that the site is secure, such as a web address that begins with "https."
- Be cautious about downloading attachments from emails. Such attachments can sometimes contain viruses or other malware, according to OnGuardOnline.gov.
- Look into identity restoration coverage. Falling victim to phishing can often mean that you become an identity theft victim, as well. Identity restoration coverage can help repair any damage to your identity if you become an identity theft victim.
So, what should you do if you believe you've fallen victim to a phishing scam? OnGuardOnline.gov suggests these steps:
- File a report with the Federal Trade Commission. Visit the FTC's website at https://www.ftccomplaintassistant.gov/.
- Protect your identity. If you've been tricked into revealing your personal information to a phisher, take steps to protect yourself from identity theft. Monitor your bank statements, credit reports and other financial documents for any sign of fraudulent activity.
If you are looking for more resources, the Anti-Phishing Working Group (APWG) and United States Computer Emergency Readiness Team (US-CERT) are two respected organizations designed to help disseminate impartial information regarding what the public can do to protect itself from phishing and computer scamming. You can even sign up with both organizations to receive alerts and updates. Vigilance can help you protect yourself from phishing scams.
Thinking about identity restoration coverage? Talk to an Allstate agent today.