One day an email lands in your inbox, but you don’t recognize the sender, or the message seems odd. Maybe there’s an urgent request to take an action you might not normally take. These are all common examples of phishing, the practice of sending a fake email (phishing) or text (smishing), or placing a phone call (vishing), that appears to come from a known source. Thieves try to trick you into sharing personal information, installing malicious software on your device, or sending them money and/or gift cards. If you can spot the red flags of phishing, you’ll be in a better position to avoid potential trouble ahead.
What are the types of phishing attacks?
Common phishing attacks include:
- Deceptive phishing. The sender impersonates a legitimate company or person you’re familiar with. The thief makes an urgent plea for you to share personal or financial information right away.
- Spear phishing. Here the email is more personalized, to increase the likelihood of you falling into the thieves’ trap.
- Link fraud. Thieves embed a link in an email that redirects you to an unsecure website that requests private information they can steal.
How to detect phishing attacks
Phishers apply pressure to get you to respond to their request. Don’t be drawn in immediately. Instead, ask yourself if this is something the person or company they’re claiming to be would do or say. If the answer is ‘No,’ don’t click and don’t reply. If you’re unsure, go to the source by contacting them directly.
Make it a habit to carefully check the sender's email address. Oftentimes, the fake address is so similar to a real one that you may not spot the error (e.g., firstname.lastname@example.org or email@example.com). Double-checking the email address is especially important on mobile devices, since the address often isn't displayed. You may need to tap the display name of the sender to see the email address.
Before clicking on a link or replying to a text or phone request for information, think about how you normally do business with that person or organization. For example, you typically receive a paper statement, but this time you receive an email prompting you to view your account balance online. You should be suspicious.
Tips to prevent phishing attacks
Whenever possible, enable two-factor authentication (2FA) for your email. 2FA provides an added layer of security. It requires you to enter your username and password as well as another factor, such as a code sent via text message. Once you enter the special code, you get access to your email. If you accidentally fall for a phishing scheme, 2FA is a good way to help prevent thieves from accessing your contacts and then using them to impersonate you in a fake email.
Set your spam filter to your highest comfort level to keep out unwanted email. Spam filters are designed to catch emails sooner when they don't come from legitimate companies or persons you normally connect with.
Antivirus software typically guards against known tactics used by thieves and closes online security loopholes. Lastly, keep your web browser up to date. Make sure to install patches as they become available, or set them to install automatically. That way, when a new patch is available, you’ll be protected right away.
What to do if you're a victim of a phishing attack
Visit the Federal Trade Commission’s identity theft prevention website to file a report and learn how you can minimize the risk of becoming a victim of identity theft. You can also turn to your Credit Union for help reducing the chances of identity theft, with tips on detection, prevention and resolution.
The advice provided is for informational purposes only.