Phishing is a term we have all heard, but what does it actually mean?
Is it even something you need to worry about?
Well, a recent Identity Theft Resource Center (ITRC) study shows that phishing was the root cause of 33% percent of cyberattack data compromises in 2021, and increased in volume by 40% over 2020. So, it isn't something to be dismissed.
What is Phishing?
Phishing can come in many different forms, including text messages (smishing), pop-up windows, phone calls (vishing), social media messages, and even bogus websites. In order to gain your trust, scammers may impersonate a bank, government agency, well-known retailer, your boss, or even a family member to trick you into clicking on a bad link or downloading a malicious attachment that gives them access to sensitive information.
The Many Possible Faces of a Phishing Attack
If you are fooled and click on a link in a phishing message, you may be directed to a fake website that looks almost identical to the website of a real organization, such as a bank or credit card company. You may then be prompted to enter sensitive information like an account number, password, or banking PIN.
Alternatively, a phishing attack could infect your device with malware or viruses that can collect information or leave the device vulnerable to future attacks. Some phishing tactics may include:
- Emails that appear to come from a legitimate credit card company, bank, or financial institution requesting account information.
- Emails about a payment issue with a purchase or account, which may include threats of legal action or an account being frozen if the issue isn't resolved promptly.
- Text messages that contain a link or phone number that, if clicked, may automatically open a browser or dial a number.
- Messages that appear to come from a charity or take advantage of current events, such as a recent natural disaster.
- Pop-up windows on a computer or mobile device that warn of phony viruses, promise a prize, or redirect to a scam site.
- Unsolicited phone calls or texts that claim to be from a government agency, public utility, or bank.
Steps to Help Better Protect Yourself Against Phishing Attacks
The FBI's Internet Crime Complaint Center reported that phishing victims lost over $44 million in the U.S. in 2021. Fortunately, there are ways to help better protect yourself and your loved ones from phishing attacks.
- Think before clicking — Be careful to not to click on anything in an unsolicited email or text message. Instead, contact the company to help ensure the request is legitimate by searching for authentic contact information online or on an existing account statement. The same caution should be used for suspicious pop-up windows. Instead of clicking on anything, safely close pop-up windows by finding the corresponding icon on the taskbar, right-clicking, and selecting “close” or “quit”.
- Use strong, unique passwords — Use the longest password or passphrase allowed and set a unique password for each account. A password manager can help you generate, manage, and store distinct and complicated passwords. If a breach of your information is suspected, consider immediately changing passwords of the potentially exposed accounts.
- Safeguard personal and financial information — Avoid disclosing personal and account information over email, and do not to respond to emails asking for this information, including through any links provided in the email.
- Pay attention to email and website addresses — Be sure to carefully examine the email address and website URL in any correspondence. Additionally, it is useful to verify websites you are visiting begin with "https" (rather than "http”) and display a closed padlock icon, to be confident of its security.
- Enable two-factor authentication — Activate two-factor authentication on accounts when possible. If you require an extra code or physical key for login, this extra layer of security can make it harder for scammers to successfully login to an account even if they manage to steal a username and password combination.
- Share safely on social media — Be mindful of sharing too many personal details about you or your family on social media. Scammers can use some information—like pet names, schools, family members, and birthdays—to guess passwords or the answers to security questions.
- Install and update anti-virus software — Install an antivirus program on all computers, phones, tablets, and Internet of Things devices and set it to auto-update. Also, consider equipping all devices with firewalls, email filters, and anti-spyware.
If You Believe You Have Been a Victim of a Phishing Attack
According to the Cybersecurity & Infrastructure Security Agency (CISA), individuals should take the following steps if they believe they have been the victim of a phishing attempt.
- File a report with the Federal Trade Commission, and consider reporting the attack to the police.
- If financial accounts may have been compromised, contact the financial institution, close any relevant accounts whenever possible, and be alert for any unexplainable charges.
- Immediately change any passwords that may have been compromised, including other accounts that use the same or similar password.
- Watch for other signs of identity theft.
For more information on what to do if your information is exposed and subsequently found on the dark web, read My information was found on the dark web, what should I do?