This year’s theme is “See Yourself in Cyber” and focuses on the people aspect of cybersecurity. We can all do our part to keep ourselves, our families, our organizations and our data safe from cyber crime. This week’s focus is how to recognized and report phishing.
Phishing is a form of social engineering. The most common form is through email, although phishing can also be used in text messaging and phone calls. Hackers use phishing techniques to try to con you out of providing personal information. Once they obtain the information, they can use this for further hacks of your accounts, sell it on the dark web or install malware on your device.
Common indicators of this type of attack include:
- Generic greetings like Sir/Madam, Valued Customer or Dear Account Holder.
- Misspellings or poor grammar.
- Unfamiliar webpages contained in links.
- Spoofed sender. Make sure to look closely at the sender’s email address. Is it a close match? Did they use VV instead of W? If you hit reply, is it going to the expected sender?
- Misleading links that direct to a site different than what is displayed in the text.
- Links to websites or forms requesting login or personal information.
- Threats or sense of urgency. ‘Act now or….’
If you think you may have received a phishing email you should report it.
- If the message is through your work-related email account, you should have a mechanism for reporting it. Sometimes it will be a reporting button added to your platform. Check with your organization to see the best way to report.
- Most email apps will have a way to report these scams, too. Normally it will be in the dropdown menu in the window of the message.
- It can also be reported directly to the FTC at ReportFraud.ftc.gov.
- Report a spam text message by copying the message and forward it to 7726 (Spam).
Always be wary of emails with links. Any email that uses threats or requests immediate actions should be carefully scrutinized. Do not respond directly to the sender or click on the link. Instead, open a web browser and manually enter the URL of the website. If this is a site you do business with, it will have a notification when you log in. Also, call the organization and question the legitimacy of any requests. Never transfer money without personally verifying the request. Legitimate companies will not request gift cards for payments.