Phishing attacks are happening everywhere. Online security firm Kaspersky Labs says it repelled nearly 800 billion attacks in 2015, almost 2 million of which were attempts to steal money from online bank accounts.
The Best Defense
- If
you aren’t 100 percent certain of the sender’s authenticity, don’t
click on attachments or embedded links; both are likely to result in
malware being installed. Instead, open a new browser window and type the
URL directly into the address bar. Often a phishing website will look
identical to the original, so check the address bar to confirm the
address.
- Similarly,
never submit confidential information via forms embedded in or attached
to email messages. Senders are often able to track all of the
information you enter.
- Be
wary of emails asking for financial information. Emails reminding you
to update your account, requesting you to send a wire transfer, or
alerting you about a failed transaction are compelling. However,
scammers count on the urgency of the message to blind you to the
potential for fraud.
- Don’t
fall for scare tactics. Phishers often try to pressure you into
providing sensitive information by threatening to disable an account or
delay services until you update certain information. Contact the
merchant directly to confirm the authenticity of the request.
- Be suspicious of social media invitations from people you don’t know. According to Kaspersky Lab research,
over one in five phishing scams target Facebook. Phishers rely on your
natural curiosity to click on the person’s profile “just to find out who
it is.” However, in a phishing email, every link can trigger malware,
including links that appear to be images or even legal boilerplate;
scammers use your hijacked account to send spam to your friends, because
spam from real accounts is more believable than spam from a fake
account.
- Watch
out for generic-looking requests for information. Many phishing emails
begin with “Dear Sir/Madam.” Some come from a bank with which you don’t
even have an account.
- Ignore emails with typos and misspellings. Recent real examples targeting TurboTax include ”Your Change Request is Completeed” and “User Peofile Updates!!!”
- Update and maintain effective software to combat phishing. Reliable anti-virus software should also automatically detect and block fake websites, as well as authenticating the major legitimate banking and shopping sites.