Phishing attacks collect your personal and financial information using email, text, or malicious websites to infect your digital devices with malware. Cybercriminals attempt to lure users to click on a link or open an attachment that infects their computers or mobile phone and makes the user vulnerable to an attack. Think twice because cybersecurity is the collective responsibility of everyone.
Phishing emails or texts may appear to come from a trusted financial institution, e-commerce site, a government agency, or any other service, business, or individual. The email or text may ask for account numbers, passwords, or Social Security Numbers. When users respond or click on a link, attackers take the data to access users’ accounts.
HOW CYBERCRIMINALS LURE YOU IN
“We suspect an unauthorized transaction on your account. To ensure that your account is not compromised, please click the link below, and confirm your identity.”
“During our regular verifcation of accounts, we couldn’t verify your information. Please click here to update and verify your information.”
“Our records indicate that your account was overcharged. You must call us within 7 days to receive your refund.”
HOW YOU CAN OVERCOME THEIR TACTICS
- Play hard to get with strangers. Links in emails, texts and online posts are often the way cybercriminals compromise your devices. If you are unsure who the message is from—even if the details appear accurate—do not respond, and do not click on any links or attachments—just delete it. Be cautious of generic greetings, as these are often phishing attempts. If you question the message, call the company directly.
- Think before you act. Be wary of messages that implore you to act immediately, causing you to fear your account is in jeopardy. If you receive a suspicious message that appears to be from someone you know, reach out to that person directly on a secure platform. If a message is from an organization, but still looks “phishy,” reach out to the organization to verify the message.
- Check hyperlinks. Avoid clicking on hyperlinks in messages, and hover over links to verify authenticity. Ensure that webpage URLs begin with “https.” The “s” indicates encryption is enabled to protect users’ information.
- Once you post on the internet it is there forever. Keep personal information to yourself. If people have key details from your life like your job title, full name, birthdate and more, they can attempt a direct “spear-phishing” attack on you. Criminals can also use social engineering with these details to try to manipulate you into skipping setting up normal security protocols. In a social engineering attack, an attacker uses human interaction (social skills) to obtain or compromise information about an organization or its computer systems.
- Be alert for suspicious emails. If you receive an e-mail from a known vendor that seems suspicious, encouraging you to click on a link to your account, do not click on the link or call the number in the email. Instead, login directly to your account to verify if there are any issues with your account or call the company using the number listed on their website.
information provided by the Cybersecurity & Infrastructure Security Agency.