As online security techniques become more sophisticated, so do the scammers. Thwarted by high end encryption software, hackers are finding an easier way to obtain access to accounts – trick users into providing access through sophisticated ‘phishing’ attacks. Essentially, phishing attacks are real-looking emails or texts that trick the user into giving up passwords or other sensitive information. And phishing is on the rise. According to the Cybersecurity Infrastructure Security Agency, phishing attacks rose 60% in 2022. With that in mind, we wanted to give you a few tips on how to identify and protect yourself from these types of attacks.
Spotting a phishing attack
The FTC provides a helpful outline of how phishing attacks often work.
· You get an email – it seems to be from someone you know or a business that you use, and it asks you to click a link, or give a password, bank account, or other sensitive information.
· It looks real – it is easy to spoof emails and fake logos to make the email look like it is from someone you know.
· It is urgent – The message pressures you to act now, perhaps because your password is expired, or your account hacked, or some other emergency.
· You click the link – if you click the link scammers can install spyware or ransomware software on your computer. Worse, if you provide the passwords then hackers now have access to those accounts.
Be Careful with email
The first way to protect yourself is to be careful with email. Opening every email is like opening the door to your home. Be cautious, even if it appears to be someone you know – even your financial advisor. Not only are emails easy to spoof, but hackers can also sometimes break into emails of friends to continue to spread the scam. Is the email address exactly consistent with other emails from this person or company? Is the email consistent with other conversations? Is the email out of the ordinary or asking for personal information?
Don’t Click on Links!
One great way to stay safe is to simply never click links in an email. For example, if you get an email from your bank with an ‘important notice’ link, simply go to your browser, and navigate to your bank website yourself rather than following the link in the email. I have received many phishing attacks claiming that my Microsoft password has expired. The email asks me to click the link to reset the password. Instead of following the link, it is far safer to type in the Microsoft website myself to check my account. That way I know I am truly going to Microsoft. A few extra clicks could save you a lot of headaches later.
Call to Verify
Even emails from close friends and family can get hacked and hackers are getting better and better at mimicking the way we communicate with others. With that in mind, if something sounds weird – verify by picking up the phone. If your grandma is suddenly asking for large sums of money – give her a call. It’s likely someone has hacked her email and she doesn’t know it. Similarly, do not rely solely on emails for critical information. For example, if you are wiring large amounts of money and received the wiring instructions via email, it is best to verify the information with a phone call.
Turn on Two-Factor Authentication
This is a great way to protect your information that is becoming more widely available. Two-factor authentication requires you to verify your identity when logging into an account by having the website you’re logging into send a pin number to your phone or email that you then use to verify it’s you. Two-factor authentication can keep your accounts safe even if you accidentally expose your password.
Use Anti-virus protection
Anti-virus software is an absolute necessity in today’s internet environment. I would not use a computer without robust, high quality anti-virus software installed. The software scans files for spyware and ransomware and helps protect you even if you inadvertently click a link.
As always, your security remains one of our top priorities and we continue to look for new and improved ways to protect your information. Of course, we can’t do it without your help. If you’d like to learn more about phishing and how best to protect yourself, check out the resources on the FTC website.