What is phishing?
Phishing is a form of social engineering in which you simply ask someone for a piece of information that you are missing by making it look as if it is a legitimate request. An email might look as if it is from a bank and contain some basic information, such as the user's name. These types of messages often state that there is a problem with the person's account or access privileges. They will be told to click a link to correct the problem. After they click the link—which goes to a site other than the bank's—they are asked for their username, password, account information, and so on. The person instigating the phishing can then use this information to access the legitimate account.
How to spot a phishing email?
The email asks you to confirm personal information Keep an eye out for emails requesting you to confirm personal information that you would never usually provide, such as banking details or login credentials. Do not reply or click any links and if you think there’s a possibility that the email is genuine, you should search online and contact the organization directly – do not use any communication method provided in the email.
The message is designed to make you panic It is common for phishing emails to instill panic in the recipient. The email may claim that your account may have been compromised and the only way to verify it is to enter your login details. Alternatively, the email might state that your account will be closed if you do not act immediately. Ensure that you take the time to really think about whether an email is asking something reasonable of you. If you’re unsure, contact the company through other methods.
The web and email addresses do not look genuine It is often the case that a phishing email will come from an address that appears to be genuine. Criminals aim to trick recipients by including the name of a legitimate company within the structure of email and web addresses. If you only glance at these details they can look very real but if you take a moment to actually examine the email address you may find that it’s a bogus variation intended to appear authentic ‒ for example: @mail.airbnb.work as opposed to @Airbnb.com
It’s poorly written Read the email and check for spelling and grammatical mistakes, as well as strange turns of phrase. Emails from legitimate companies will have been constructed by professional writers and exhaustively checked for spelling, grammar and legality errors. If you have received an unexpected email from a company, and it is riddled with mistakes, this can be a strong indicator it is actually a phish.
There’s a suspicious attachment The attachment could contain a malicious URL or trojan, leading to the installation of a virus or malware on your PC or network. Even if you think an attachment is genuine, it’s good practice to always scan it first using antivirus software.
What to do if you get a phishing email?
Do not open it. In some cases, the act of opening the phishing email may cause you to compromise the security of your Personally Identifiable Information (PII).
Delete it immediately to prevent yourself from accidentally opening the message in the future.
Do not download any attachments accompanying the message. Attachments may contain malware such as viruses, worms or spyware.
Never click links that appear in the message. Links embedded within phishing message.
What to do if you fall for an email scam? If you’ve clicked the wrong link or provided personal information in response to a phishing scam, change your passwords immediately. This goes for all email and other online accounts, including bank accounts, utilities, online retailers, and so on. You may also need to update any related PIN numbers. Create unique, complex, new passwords for every account, using a sequence of letters, numbers, and symbols Contact credit card companies Alert your credit card companies and explain the situation. Your credit cards might not have been used yet, but if you’ve exposed credit card data, unauthorized charges could be in your future. Your bank may suggest freezing or replacing your cards. Let your bank know what happened so they can help you protect your credit line. Check your accounts regularly
Review your bank and credit card accounts regularly to check for suspicious activity. If you’ve previously detected suspicious or unfamiliar activity and set a fraud alert or credit freeze on your credit report, you may consider leaving it in place until you think it’s OK to remove it. And watch for any bills from utility companies or other service providers that aren’t yours. If you think a scammer has your information, like your Social Security, credit card, or bank account number, go to IdentityTheft.gov. There you’ll see the specific steps to take based on the information that you lost.
