How to avoid phishing emails

Here are some qualities that identify an attack through an email:

  • They duplicate the image of a real company.
  • They copy the name of a company or of an actual employee of the company.
  • They include sites that are visually similar to those of a real business.
  • They promote gifts, or threaten the loss of an existing account.

Phishing doesn't only pertain to online banking
Most phishing attacks are against banks, but attackers can also use any popular website, such as eBay, Facebook, or PayPal, to steal personal data.

Phishing knows all languages
Phishing knows no boundaries and can reach you in any language. In general, these messages are poorly written or translated, so this may be another indicator that something is wrong. If you never go to the Spanish website of your bank, why should your statements now be in this language?

If you have the slightest doubt, don't risk it
The best way to prevent phishing is to consistently reject any email or news that asks you to provide confidential data. Delete these emails and call your bank to clarify any doubts.

Social media sites can have infected links. For example, you receive an Instagram picture from a friend. It's a great picture, so you decide to share it by clicking the Facebook "like" button underneath the image. This can be dangerous even if the picture came from a trusted source, it's a real Facebook button and you are not downloading anything. If you can see the picture, you could have downloaded malware. If the Facebook "like" link was fake, you also could have inadvertently downloaded malware. Malicious software (malware) can be disguised as a Facebook "Like" button, picture or audio clip. When you click a link or open an attachment, malware installs on your device. Unlike early PC malware, it doesn't ask your permission, and your device is figuratively in the hands of a criminal.

Free wireless can be dangerous. While at a local coffee shop, airport, or public gathering place, DO NOT connect to the "free wireless" network if you are asked to create a temporary LOGIN to get access to the free wi-fi. Don't assume a Wi-Fi hotspot is secure. Most Wi-Fi hotspots do not encrypt the information you send over the internet and are not secure. When using a Wi-Fi hotspot, only log in or send personal information to websites that you know are fully encrypted. If you use an unsecured network to log in to an unencrypted site - or a site that uses encryption only on the sign-in page - other users on the network can see what you see and what you send.

Free public wi-fi networks can be dangerous. Whenever you have access to a free public wi-fi network, you should NOT use that free wi-fi connection; instead, use your mobile wireless connection. Be smart on open Wi-Fi networks. When you access a Wi-Fi network that is open to the public, your phone can be an easy target for cybercriminals. You should limit your use of public hotspots and instead use protected Wi-Fi from a network operator you trust, or a mobile wireless connection, to reduce your risk of exposure, especially when accessing personal or sensitive information. Always be aware when clicking web links and be particularly cautious if you are asked to enter account or log-in information.

Do not include the following information on your social networking profile:

  • Your date of birth, including the year 
  • Your phone number
  • Your physical address 
  • The name of your high school
  • Your pet's name

Users of social media sites were at greater risk of physical and identity theft because of the information they were sharing. If you participate in social networking, you should safeguard your information. Posting your full birthdate and place of birth, phone number, physical address, and any information that could be used to guess your password - such as your mother's maiden name - could provide fraudsters with information to help them gain access to your financial accounts. So be sure to keep this information safe and update the privacy settings for your profile.

Be careful when you click on a Pinterest "pin" to enter any type of promotion. Pay close attention to the URL these pins lead to before clicking on them. If the URL doesn't seem like anything official to you, don't click it and don't re-pin it. Clicking the pin can redirect you to a third-party website, have you re-pin the pin, or ask you to fill in a survey providing personal details. These tricks can install malware or gain access to information about you in order to steal your identity.

Be wary of social network invites.  If you receive a message from a friend on Facebook inviting you to join a new social network, you should suspect that the message is fraudulent and contact your friend to verify. Don't trust that a message is really from who it says it's from. Hackers can break into accounts and send messages that look like they're from your friends, but aren't.

Do not allow access to your contacts.  If you join a new social network and receive an offer to enter your email address and password to find out if your contacts are on the network, you should decline the offer and DO NOT allow the social network site access to your email address book. To avoid giving away email addresses of your friends, do not allow social networking services to scan your email address book. The site might use this information to send email messages to everyone in your contact list or even everyone you've ever sent an email message to with that email address. Social networking sites should explain that they're going to do this, but some do not.

DO NOT accept a social media connection request from a stranger of the opposite sex just because the person looks honest and knows other people you know. Be selective about who you accept as a friend on a social network. Identity thieves might create fake profiles in order to get information from you. That lack of caution can be extremely costly. Most networking sites contain personal information. When you friend someone, you give them access to that information, and it can be used by fraudsters.

Deleting pictures or videos from your social networking sites will NOT permanently remove them from the Internet. You need to contact the support department at the social networking site to make sure they are removed. Assume that everything you put on a social networking site is permanent. Even if you can delete your account, anyone on the Internet can easily print photos or text or save images and videos to a computer.

You can be at risk even if you download Apps on social networking sites that look official and the App install link is within the social networking site. Be careful about installing extras on your site. Many social networking sites allow you to download third-party applications that let you do more with your personal page. Criminals sometimes use these applications to steal your personal information. To download and use third-party applications safely, take the same safety precautions that you take with any other program or file you download from the web. Modify your settings to limit the amount of information apps can access.

Do not respond to social media requests. If you receive an e-mail requesting you to update your Facebook, Twitter, LinkedIn, eBay, or PayPal accounts, do NOT click on the link in the email and DO NOT LOGIN and update your account as requested. Before typing your username and password, look at the web address in the browser. The fake ones look similar to this: http://k2nxw.com/cgi-bin/login/ or www.paypal5281.com. If you are not sure, log into your real account just like you usually do, by typing the web address in the browser yourself and not using the links provided.

More tips

Use multiple passwords everywhere.  It is NOT okay to use the same password for all your social networking sites just because you use different passwords for home banking type sites. It is correct to use a different password for home banking type sites. However, social networking sites may not have the security of your online financial institution, and using the same password on those sites is like trusting the weakest link in a chain to carry the same weight. Every site has vulnerabilities; plan for them to be exploited.

If you do receive offers of pre-approved credit, you should shred the offers before putting them in the trash. First, you should purchase a cross-cut shredder and shred all your pre-approved credit card offers. Next, you should remove your name and opt out of receiving these offers by visiting the web site https://www.optoutprescreen.com

Understand how your financial institution communicates with you.  If you receive an e-mail with your bank's name and e-mail address, explaining that, for security reasons, you have to click on a particular Internet link and log in to your account to update your settings, you should delete the email without taking any action, call or otherwise contact your bank to check its credibility, and report it to your bank as SPAM. Financial institutions DO NOT ask for personal or account information via email.

Always be skeptical of attachments.  If you receive a message to view a file or video on a social networking site and from someone within your network (a trusted source), it is still NOT safe to open the attachment. Criminals are avid fans of social networking sites. They hijack user accounts to send phishing invites to an account holder’s entire contact list, post poisoned links to a variety of malicious sites, and send credible emails with malicious links - abusing the trust that friends normally share. Some creative criminals have tailored messages to appear to come from the social networking site itself, designed so that users will divulge their login credentials or download a Trojan.

Technology-based security measures such as firewalls, encryption, anti-virus, spam filters, and strong authentication will NOT prevent social engineering fraud. No matter how much security technology you implement, you can never get rid of the weakest link - the human factor. A social engineer is someone who uses deception, persuasion and influence to get information that would otherwise be unavailable.

If you receive an email from a friend or trusted source, it is NOT always safe to click on a link or attachment within that email. The email account of your friend or trusted source could have been compromised, and the email could have been sent to you by a criminal with the intent of getting information or having you click a link or open an attachment.

It is NOT always safe to click a link just because the link came through a popular search site like Yahoo, Google or Bing. Search engine poisoning makes up 40% of malware delivery on the Web. In this practice, malware and spam attackers inundate search results with links to bait pages that take users to malicious websites, which then download malware to the computer. People want to be able to trust that what they search for in Google, Bing or Yahoo is safe to click on.

Access web sites through your web browser.  Typing the address of a web site directly into your Web browser will ensure that you are going to the legitimate Web site and not a phishing site that was designed to mimic the look of the real thing. Unless the site was hijacked or your computer has a virus, typing the web address yourself is the best way to guarantee the authenticity of a web site.

Tech support scams are very popular.  If you receive an e-mail from a Microsoft support person saying that your computer is infected by a virus and suggesting that you install a tool available on their Internet site to eliminate the virus from your computer, you should NOT click on the link even though the email looks official and has the legitimate support@microsoft.com email address. Email spoofing is e-mail activity in which the sender's address and other parts of the e-mail header are altered to appear as though the e-mail originated from a different source.
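The sender address is only a header that the sender fills in. The following added example (not part of the original page) runs Python's standard email module over a constructed message to show header checks a mail administrator can apply. The sample headers, host names and signal labels are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not a real message): the visible From address claims
# support@microsoft.com, but the other headers point elsewhere.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=microsoft.com
From: Microsoft Support <support@microsoft.com>
Reply-To: helpdesk@example.net
Subject: Your computer is infected

Install the tool from our site.
"""

def domain_of(header_value):
    """Domain part of the address in a header, or '' if the header is absent."""
    address = parseaddr(header_value or "")[1]
    return address.rpartition("@")[2].lower()

def spoofing_signals(raw_message):
    """Return labels (names chosen for this example) for headers that disagree with From."""
    msg = message_from_string(raw_message)
    from_domain = domain_of(msg["From"])
    signals = []
    # Weak signal: bulk senders legitimately use a different bounce domain.
    return_path = domain_of(msg["Return-Path"])
    if return_path and return_path != from_domain:
        signals.append("return-path-mismatch")
    # Replies would go to a different domain than the one displayed.
    reply_to = domain_of(msg["Reply-To"])
    if reply_to and reply_to != from_domain:
        signals.append("reply-to-mismatch")
    # Trust Authentication-Results only when your own mail server added it.
    results = msg.get("Authentication-Results", "")
    for part in results.lower().split(";"):
        method, _, result = (part.split() or [""])[0].partition("=")
        if method in ("spf", "dkim", "dmarc") and result in ("fail", "softfail"):
            signals.append(f"{method}={result}")
    return signals
```

A failed DMARC result is the strongest of these signals, because DMARC ties the authenticated domain to the one shown in the From header.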

Be skeptical when there are big news events happening.  Suppose you hear on the news that your insurance company has recently been breached, and soon after you receive an email from your insurance company that explains the breach and provides the necessary steps for you to take. These steps include clicking on a link to update your personal information and change your user name and password. You should NOT follow these instructions to keep your information protected. Now that the criminals have information about you, they may try to trick you into giving up more information through fraudulent emails. Be suspicious of urgent emails requesting information and never open attachments you aren't expecting, even if they're from someone you know.

If you are unsure whether a link you received in an email is safe, do NOT copy and paste the link into the URL section of your web browser. You could still end up at the malicious site and potentially load malware on your computer or network.

If you are unsure about a link in your email, it is NOT safe to forward the link to have it tested by someone else. By forwarding an email, all you've done is forward a potentially dangerous and malicious email that could infect someone else's computer or network.

Criminals could strike very quickly. For example, within hours of a hurricane, you receive an email from the Red Cross asking for a donation to help the victims. This email is most likely a phishing scam built on a high-profile event that receives media attention and is at the forefront of people's minds. These scams are effective because they rely on your emotions and compassion.

Be aware of web site extensions. For example, out of these six web addresses, the "whitehouse.com" is phony because any official U.S. government web site will end in .gov and not .com.

  • https://www.usa.gov
  • https://cio.gov
  • http://www.ssa.gov
  • https://www.ssa.gov
  • http://www.fdic.gov
  • https://www.whitehouse.com
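The comparison described above, and in the earlier tip about fake login addresses such as www.paypal5281.com, can be automated by checking the host name against a list of official domains. This is an added example, not part of the original page; the `OFFICIAL` allowlist and the function names are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

# Assumption: a small allowlist the reader maintains (brand -> official domains).
OFFICIAL = {
    "paypal": {"paypal.com"},
    "whitehouse": {"whitehouse.gov"},
}

# The six addresses listed on this page.
PAGE_URLS = [
    "https://www.usa.gov", "https://cio.gov", "http://www.ssa.gov",
    "https://www.ssa.gov", "http://www.fdic.gov", "https://www.whitehouse.com",
]

def host_of(url):
    """Lower-cased host name; accepts addresses written without a scheme."""
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").lower().rstrip(".")

def within(host, domain):
    """True only for the domain itself or a subdomain (match on a label boundary)."""
    return host == domain or host.endswith("." + domain)

def classify(url):
    """'official' if the host is on the allowlist, 'lookalike' if it only
    contains a known brand name, otherwise 'unknown'."""
    host = host_of(url)
    if any(within(host, d) for domains in OFFICIAL.values() for d in domains):
        return "official"
    if any(brand in host for brand in OFFICIAL):
        return "lookalike"
    return "unknown"

def not_dot_gov(urls):
    """Addresses whose host does not end in the .gov extension."""
    return [u for u in urls if not within(host_of(u), "gov")]
```

An "unknown" result is not a pass: it only means the host is neither on the allowlist nor borrowing a listed brand name.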

Clues that an email is fake can include: poor spelling, grammatical errors, offer of a reward, typos, information request, threatening tone.
 
