Phishing: What It Is And How Not To Get Caught

Easy steps to stay safe

What is phishing?

Phishing is when someone tries to trick you into divulging sensitive information like passwords, bank accounts, etc. Phishing attacks are often conducted via email where the email is made to appear as though it’s coming from someone you trust.

Examples of phishing

One example of phishing would be if a scammer sends you an email that’s disguised as though it’s coming from the president of your company asking you what your password is and making up some excuse why it’s needed. But when you reply to the message, your information actually goes to the scammer instead.

Another example could be an email that’s made to look like it’s coming from someone in IT telling you that your password is going to expire in 2 days and you have to go to a website and change your password. The email contains a link you’re supposed to click in order to complete the password change. But when you click the link, you’re taken to a phishing website that asks you for your old password and your new password. When you fill out the form and submit it, the scammer now has your password.

Or you could receive an email disguised to look like it’s from your bank, telling you they are implementing a new system and need you to log in and approve the change or your credit card will stop working. Inside the email is a link that takes you to the phishing website, where again the scammer will receive your password if you attempt to log in.

Easy steps to avoid phishing attacks

Although phishing attacks are getting more sophisticated, the good news is you can stay safe by following some simple rules:

  1. NEVER give out sensitive information over email. Passwords, usernames, account numbers, SSN, and other sensitive info shouldn’t be exchanged over email.
  2. Check with the sender before responding. If you ever do receive a request for sensitive information, call the sender and ask if they really sent it. That way you’ll know for sure if the request is legitimate.
  3. Check the email address you’re replying to. Most email phishing attempts will look like they came from a trusted source, but once you click reply, the address you’re actually replying to belongs to the phishing attacker. You should be VERY suspicious any time the reply address doesn’t match the person who sent the email.
  4. Don’t click any links in an email without verifying the email first. In Outlook, if you hover your mouse over the link, it will show you the actual address of the link. If the actual address doesn’t match the address that’s displayed, be suspicious and don’t click the link until you verify that the email is legitimate. In any case, it’s a good idea to call the sender and verify the email is legitimate.

Conclusion

Phishing is when someone attempts to trick you into giving out sensitive information. Phishing is most often attempted via email.

Phishing attempts are on the rise and getting more sophisticated but you can increase your safety by following these simple rules:

  • Never give out sensitive information through email
  • Check with the sender before responding
  • Check that the reply email address matches the person who sent the email
  • Don’t click any links in an email before verifying with the sender first

– Weston Henry

Questions:

Have you ever been the victim of a phishing attack?

What other ways are there to avoid falling for a phishing attack?