Phishing has become a normal part of life, unfortunately. Nearly everyone with internet access has a story about how they were, or almost were, the victim of a phishing scam.
What is a phishing scam, exactly? It is when a cybercriminal sends an email requesting personal and/or sensitive information. Their goal is to collect your information or infect your device with malware.
So why is it called phishing? Just like the title of this blog, it’s a play on the idea that cybercriminals are using fake “bait” to lure you in like a fish.
It may seem like an easy thing to spot, but these criminals are tricky and can design a message that appears to be from a legitimate source—perhaps even a company you frequently purchase from or connect with online. Some phishing scams are so professional looking, that if you click on the link (please don’t!) it takes you to a fake company website that appears normal, making you feel safe for a moment.
According to the National Cyber Security Alliance, here are three quick ways to spot a phishing scam:
- Does the sender offer a financial reward, threaten you, or claim to need help?
- Are they asking you for personal information (e.g. credit card number, account number, social security number, password, username, etc.)?
- Are they driving you to click a link and/or download a file of some kind?
These tactics should put you on high alert. If the email is not addressed to you by name or if you notice grammatical errors in the message, those are additional red flags.
The best way to verify you are safe is to contact the company directly. But do not trust a phone number or email address listed within the suspicious email. We recommend opening a separate internet tab and going to the company’s official website to find a phone number or other contact information. You can also look at previous account statements or other official materials you have from that company.
By taking a moment to verify your safety, you’re saving yourself a lot of headache and potentially helping others by alerting the company of the scam.
Contact us if you have any questions about phishing or other cybersecurity best practices.