Understanding Phishing Scams

Welcome to the Covve Security Series, our new blog series on how to protect yourself and your business online. Good cybersecurity hygiene is critical in the age of data breaches, ransomware, and other digital threats. Over the next few months, we will share some quick and easy steps you can take to effectively enhance your digital security and safeguard your data.

You’ve set up a password manager, two-factor authentication, and secured your devices – what now? Once you’ve cleaned up your digital security hygiene, you still need to be on the lookout for phishing scams. Fraudsters use phishing scams to steal personal information from unwitting victims through email or text message. According to the FTC, scammers stole $59 million using phishing scams in 2019 alone.

Phishing messages use a malicious link or attachment, which then sends the target to a phony website or loads malware on the device in the background. The fraudsters then siphon off the information you enter on the website or from your personal device, such as credit card numbers, account passwords, or Social Security numbers. It is one of the most effective scams out there.

These types of scams have become increasingly sophisticated, with fraudsters using stolen information from data breaches or taken from social media to craft personalized messages that entice recipients to click on them. Often, phishing emails look like legitimate emails from a trusted company, such as Google or Facebook. If you’re not careful, you may end up inadvertently falling victim to one of these scams even if you have taken other steps to protect yourself.

So what can you do to make sure that your information doesn’t end up in the wrong hands?

 

Avoid clicking on unknown or suspicious links that are sent to you. Here are some common types of phishing messages to be on the lookout for:

  • Requests for verification of personal information
  • Claims of suspicious account activity that ask you to log in to your account
  • Personalized messages based on your interests, job, or hobbies
  • Imposter calls from the IRS or other government agencies saying you owe money or face legal action
  • Requests for payment or payment information
  • Random giveaways and discounts

 

If you receive an email with a link, even if it looks legit, double-check the sender’s email address or phone number.

  • Phishing emails are often sent from email addresses that look very similar to the company that they are impersonating. For instance, support@1google.com or billing@netflixx.com.
  • Checking the sender’s address will help you spot phishing emails.
  • If you do click on a link, carefully double-check the website domain in your browser’s address bar. Just like with emails, scammers will use domain names that look very similar to the correct address.
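
The sender check described above can also be automated. The following is an added example, not part of the original post: it compares the domain in a From: header against a list of domains you trust and flags near-misspellings such as the two addresses quoted above. It goes slightly beyond the text by also flagging a trusted name used as the front of someone else's domain. The `TRUSTED_DOMAINS` list, the function names, and the sample headers are assumptions made for illustration.

```python
from email.utils import parseaddr

# Assumption: domains this mailbox legitimately receives mail from.
TRUSTED_DOMAINS = {"google.com", "netflix.com"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def sender_domain(from_header: str) -> str:
    """Domain of the real address, ignoring the display name."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return ""
    return addr.rpartition("@")[2].lower().rstrip(".")

def classify_sender(from_header, trusted=TRUSTED_DOMAINS, max_edits=2):
    """Return 'trusted', 'lookalike' or 'unknown' for a From: header."""
    domain = sender_domain(from_header)
    if not domain:
        return "unknown"
    if any(domain == t or domain.endswith("." + t) for t in trusted):
        return "trusted"
    # Last two labels, e.g. "mail.netflixx.com" -> "netflixx.com".
    tail = ".".join(domain.split(".")[-2:])
    for t in trusted:
        # Trusted name used as the front of someone else's domain.
        if domain.startswith(t + "."):
            return "lookalike"
        # Small misspelling of a trusted domain.
        if edit_distance(tail, t) <= max_edits:
            return "lookalike"
    return "unknown"

# Constructed samples; the two lookalikes are the addresses quoted above.
SAMPLES = ["Google <no-reply@accounts.google.com>", "support@1google.com",
           "Netflix Billing <billing@netflixx.com>", "newsletter@example.org"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{classify_sender(s):<10} {s}")
```

A result of "unknown" only means the domain is not close to anything on the list; it is not a sign that the message is safe.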

 

If you’re unsure whether a message is genuine, go directly to the source.

  • If you get an email asking to reset your password or verify information, don’t click on the link. Instead, open the company’s website directly in your browser.
  • If you receive a call from someone who purports to be with a certain company but you’re uncertain, look up the company’s phone number and call them directly.

Email providers use filters to catch most spam or scam emails, but some messages still slip through, and fraudsters are always coming up with new ways to get past the filters. It’s also important to remember that companies and government agencies will almost never directly ask for personal information over the phone or by email.

 

Keeping your devices up-to-date and enabling two-factor authentication on your accounts will give you an extra layer of security in case you accidentally enter your password on a fraudulent website or click on a malicious link.

If you think that you’ve fallen victim to a phishing scam, change the password for any account you think may be affected. If you have given up payment details, like a credit card number, lock your card and notify the financial institution so that they can put a fraud alert on your account.

Phishing scams are extremely common, but by keeping an eye out for suspicious messages and knowing what to look for, you can keep the fraudsters at bay and make sure that your personal information stays safe.