What is Phishing?

If you have an email account, odds are you’ve received a phishing message in your inbox before. To get your attention, phishing attacks use emails designed to look like urgent messages from banks, credit card companies—even the federal government. For instance, scammers will send emails with subject lines like: “Verify your account” or “Confirm billing information“ to lure people to phony web sites that look similar to real sites of the company they’re impersonating. Thinking that they have landed on the organization’s webpage, people may enter in their personal username and passwords—unknowingly disclosing their private information to scammers. Banking, donation and government/tax sites are some of the most frequently impersonated websites.

Phish food for thought

Similar to your mother joining Twitter and Facebook, phishing attacks have also “gone social.” Suppose you receive a Facebook message with a link asking: “Hey, do you remember this photo?” You click, expecting to see a picture and you are taken again to the Facebook login page. However, if you aren’t paying close attention you may not notice that you’ve been redirected to a scam site spoofing Facebook and the account information you enter will be visible to scammers.

If you’re checking email or surfing social media sites from your phone, you may be more susceptible to falling victim to a phishing attack. Studies have shown that you are three times more likely to click on a suspicious link from a phone than from a PC. Due to the small form factor of your mobile device, it’s more difficult to see if a link is legitimate or not. For instance, when looking at a large monitor screen you may notice that a URL reads “paypai.com” instead of “paypal.com,” but on a mobile device it is much more difficult to spot this distinction.

Do not take the bait

Luckily, there steps you can take to dodge these phishing schemes. Follow these quick tips to steer clear of clicking on unsafe links and keep your private information safe!

• Avoid clicking on links in email messages if it’s hard to determine who the sender is and what their intentions are.
• Messages requesting your password, login, or any other important financial information should raise a red flag. Unless it’s from a trusted friend or family member, send them straight to the trash folder.
• Within social media, if you see a phishing scam—don’t click on it—report it. Since these scams survive by going viral, you can help stop them by reporting suspicious activity early on.