We’ve all gotten those annoying scam emails in our inbox saying something like “you’ve won a free cruise, click here to claim!” or “update your profile on your bank’s website” (in a format that tells you it’s not from your bank). These are usually pretty recognizable and go in the junk mail right away. However, email scams are getting more advanced and some look pretty legitimate.
Phishing is a form of identity theft in which a scammer uses an authentic-looking email from a legitimate business to trick recipients into giving out sensitive personal information, such as credit card, bank account or Social Security numbers. So, how do you protect yourself from these “phishy” emails? How do you know what’s legit and what’s not?
Here are a few things you should know:
1. Know what to look for. Websites where it is safe to enter personal information begin with https:// instead of http://. Phishing emails are usually very generic since they are sent in large batches. If it’s not personalized, that’s the first sign it might not be legit. Roll your mouse over the link in an email and see whether it matches what appears in the email. In general, be suspicious of any emails asking you for personal information in a timely manner.
2. It’s not just emails. With so many advances in technology and social media, hackers have made advances as well. One technique is called clickjacking, which allows hackers to hide viruses and other threats under the content of legitimate sites. When visitors click on links on pages that have been clickjacked, they can unknowingly become victims of malware downloads. In 2012, there were 4,000 phishing URLs designed for mobile web. For example, one common attempt is a Twitter message saying something like, “Hey somebody is posting really bad pictures of you” with a shortened URL link that takes you to what seems like a legit website. There have also been reports about “phishy” text messages trying to get people’s bank information.
3. Play it safe. If something looks “phishy” in an email or message, contact the parties who purportedly sent it directly to verify the message. The course of action for clickjacking, if you accidentally click on a link, is to change your password ASAP. Always use a URL that you know to be valid. Do not copy the one sent in any given email. Remember that those may be the bad URLs, and copying one of them into your browser has the same effect as clicking on the link.
4. If you feel you have to click on links in emails, make sure you only do so in emails that you are expecting. This doesn’t mean you shouldn’t trust any emails you receive; it just means you should be cautious of emails you weren’t expecting or that come from a user you are not familiar with. For example, let’s say you order something online and the company sends you a link to track your order, or you sign up for a service in the cloud, like file sharing or social networking, and the company sends you an email with a link back to the service website that you click on to confirm your identity. These confirmations normally arrive shortly after you sign up or order something, so you know that the sender is authentic. Bottom line, be aware and think before you click. There are plenty of security tools out there that can block malicious links and downloads in emails, instant messages, or websites. It’s worth the extra time and effort to protect yourself online.
Article by: Shannon McCarty-Caplan
Shannon McCarty-Caplan has over a dozen years of experience helping consumers find the security solutions they need to protect their families, privacy and critical data. Shannon is a news junkie with a BA in Journalism from the University of Arizona. On most days, you can find Shannon tweeting or blogging about security issues impacting women and families or geeking out on the latest new tech toys. Shannon resides on the North Coast (Chicago) and spends her free time volunteering for two non-profit organizations, studying foreign languages and traveling with her husband.