Phishing is an attempt by bad actors to obtain your personal information by masquerading as a trustworthy entity. Commonly, phishing attempts occur through email although they may happen through other media as well.
Recently, you may have seen an emails that a product you ordered is ready for pickup at a nearby store although you may not have ordered anything. The “phishing” emails are formatted to look like they came from reputable retailers.
Some tips to keep you protected:
- Be wary of emails that contain generic greetings like “Dear [Company Name] customer”
- Don’t trust an unfamiliar email that claims someone has accessed your account information or that you’ve won a special prize you need to claim immediately.
- Always check where a link is going by hovering your mouse over the link (without clicking it) and looking at the website address in your browser’s status. If it appears suspicious, don’t click the link.
OnGuardOnline.gov, provided by the Department of Homeland Security, provides resources to keep yourself safe while online. Their suggestions to avoid phishing attacks include:
- Don’t email personal or financial information. Email is not a secure method of transmitting personal information.
- Only provide personal or financial information through an organization’s website if you typed in the web address yourself and you see signals that the site is secure, like a URL that begins https (the “s” stands for secure). Unfortunately, no indicator is foolproof; some phishers have forged security icons.
- Review credit card and bank account statements as soon as you receive them to check for unauthorized charges. If your statement is late by more than a couple of days, call to confirm your billing address and account balances.
- Be cautious about opening attachments and downloading files from emails, regardless of who sent them. These files can contain viruses or other malware that can weaken your computer’s security.
If you do receive a phishing email, OnGuardOnline.gov recommends that you forward It to email@example.com – and to the company, bank, or organization impersonated in the email. An additional report to the Anti-Phishing Working Group at firstname.lastname@example.org will notify a group of ISPs, security vendors, financial institutions and law enforcement agencies which use reports to fight phishing.
Bob Siegel is a security and IT expert who runs Privacy Ref. Bob helps companies develop privacy policies as well as training and consulting on privacy issues. Contact Bob at email@example.com or 1-888-470-1528 ext 801.