Phishing scams have become more invasive and intelligent since the days of foreign princes reaching out to confirm your bank account numbers and collect your newly found inheritance. Many of us already know to avoid pop-up ads and not to click the links in suspicious emails.
Today, however, social engineering is often used to acquire login credentials and credit card information. Phishing can occur through text, instant messages across social platforms, and email, even email messages designed to look like they’re coming from a friend or colleague.
You can detect and avoid phishing by staying alert and putting a few best practices into place:
- Routinely watch domain names: if you receive a message from a colleague or professional entity (bank, store, etc) from an @gmail or @yahoo address, don’t open it or respond.
- Grammar matters! Look for it: If you are receiving messages from businesses and individuals who are usually well-spoken and professional that now have misspellings and a poor writing quality, be suspicious.
- Beware of urgency: You don’t know anyone who needs you to buy them ten gift cards and send a picture of the barcode scratched off right now. If your supervisor or your friend is having an Apple gift card emergency, they’ll call you.
- Bookmark sites you often use, and access those sites through your bookmarks: If you get a suspicious email from Amazon or your bank, don’t click through from the email. Close the email, open a new browser, and visit their website through an existing bookmark, or type in the website. If there’s truly an issue, you’ll see an alert after logging in.
- Don’t trust texts from numbers you don’t know: In 2021, few texts come from numbers you don’t have saved. If it’s not DoorDash, a 6 or 11 digit random number has a high chance of being a scam.
- Businesses don’t call to confirm your personal information: The IRS won’t call you to ask for your bank account, nor will the police call to ask for your social security number and threaten to arrest you if you don’t transfer money. If you feel the call might be legitimate, hang up, and call the business directly. They’ll be able to help you report a scam or address the issue directly
- If you’re not sure, ask first! Think a suspicious email might really be from a friend or colleague? Not sure if there truly is a problem with your bank? A quick call will answer all of your questions and help to prevent future phishing scams.
If you think you’ve clicked on a phishing link or might have been the victim of a phishing scam, take a few quick actions:
- Disconnect your device from the internet immediately
- Run an antivirus and malware scan before accessing future internet files
- Change your account login credentials
- Monitor your credit card charges for fraudulent activity
Staying alert is the best defense against socially engineered phishing. Trust your instincts and your IT team’s advice to keep your files, identity, and credentials safe.