What is phishing?
Phishing tries to entice you to give up personal information, such as credit card or social security numbers, usernames and passwords, etc. While email is the most common method, it can also happen over the phone, through text messaging, on social media and other websites, or even in person. Phishers may be after quick financial gain, may want to expand their network of compromised accounts, or may be trying to steal your identity!
The most common phishing technique is to send an email that looks like it comes either from an official source (a social media platform, your bank, a service provider, etc.) or from someone you know, such as a friend, family member, or your boss. Phishing messages often contain threats like "your account will be canceled", or they may threaten your social or professional relationships, such as by releasing embarrassing or incriminating data. They may ask you to confirm or provide personal information; often you are asked to click on a link, which will take you to a page asking for this information.
While a link may look legitimate, appearances can be deceiving! A link can look like one name (e.g. www.google.com) but actually point to a completely different site (e.g. www.badGuys.RUs). This imposter site often looks exactly like the real one you expected to be visiting, including providing a space where you can enter the information the attackers are after, such as your username and password, credit card or social security number, date of birth, etc. If you do enter it, however, you are not providing it for any legitimate use; you are actually sending it to the bad guys, who can now use it for any number of nefarious purposes.
How to avoid becoming a victim
- Never reply to an email asking for personal information. If you think the request might be genuine (e.g. an email supposedly from your bank about information for a loan you're applying for), reach out to the sender directly, but never trust any contact information in the email itself, including the from address.
- If you receive an email from someone you know but it seems out of character, contact that person directly.
- Hover your cursor over any link before you click on it to see where it really goes. Most browsers and email clients will display the real link at the bottom of the window or next to your cursor.
- Even if you're sure the link is safe, you should type the address into your browser yourself.
- Never enter personal information into pop-up windows.
- Always keep your computer up to date with the latest patches, and your anti-virus software running and up to date.
Always be suspicious
Any email, especially one with links or attachments, could potentially be a phish or other type of fraudulent or malicious message. The sender's name is easily forged, so it's not enough to know the (alleged) sender. If you're unsure, reach out and verify; however, just as you wouldn't ask the stranger at your door if he's a conman (whether he is or he isn't, you can expect the same answer!), don't hit the reply button on that email!