How to Protect Yourself from Phishing

Phishing attacks use email or malicious websites to infect your machine with malware and viruses in order to collect personal and financial information. Cybercriminals try to lure users into clicking a link or opening an attachment that infects their computers, leaving them vulnerable to attacks. Phishing emails may appear to come from a real financial institution, e-commerce site, government agency, or any other service, business, or individual. The email may also request personal information such as account numbers, passwords, or Social Security numbers. When users respond with the information or click on a link, attackers use it to access users’ accounts.

Don’t get lured in

The following messages from the Federal Trade Commission’s OnGuardOnline are examples of what attackers may email or text when phishing for sensitive information:

  • “We suspect an unauthorized transaction on your account. To ensure that your account is not compromised, please click the link below, and confirm your identity.”

  • “During our regular verification of accounts, we couldn’t verify your information. Please click here to update and verify your information.”

  • “Our records indicate that your account was overcharged. You must call us within 7 days to receive your refund.”

Here’s what you can do

Know BEFORE you click

Be wary of communications that implore you to act immediately. Many phishing emails attempt to create a sense of urgency, causing the recipient to fear their account or information is in jeopardy. If you receive a suspicious email that appears to be from someone you know, reach out to that person directly on a separate secure platform. If the email comes from an organization but still looks “phishy,” reach out to them via customer service to verify the communication.

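Avoid clicking on hyperlinks in emails; hover over a link first to see the address it really points to and verify its authenticity. Also ensure that URLs begin with “https.” The “s” indicates encryption is enabled to protect users’ information, but it does not by itself show that a site is genuine: both imposter addresses below begin with “https.” Watch for imposter URLs that mimic the originals, like: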

  • https://bankofamerlca.com v. https://bankofamerica.com

  • https://progressivelnsurance.com v. https://progressive.com

Can you spot the phonies?
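The comparison described above can also be done mechanically. The following Python sketch is an added example, not part of the original article: it checks a URL's host against a short allowlist and flags hosts that imitate a listed name. The allowlist, the character-substitution table and the 0.85 similarity threshold are assumptions chosen for illustration.

```python
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Assumption: a hand-maintained allowlist; here, the genuine domains named above.
KNOWN_GOOD = ("bankofamerica.com", "progressive.com")

# Assumption: a small, non-exhaustive table of visually similar characters.
CONFUSABLES = str.maketrans({"l": "i", "1": "i", "0": "o", "5": "s"})


def skeleton(name):
    """Fold look-alike characters so swapped letters compare as equal."""
    return name.lower().replace("rn", "m").translate(CONFUSABLES)


def classify(url):
    """Return 'trusted', 'lookalike' or 'unknown' for the host in a full URL."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    for good in KNOWN_GOOD:
        # Exact match, or a genuine subdomain such as www.<good>.
        if host == good or host.endswith("." + good):
            return "trusted"
    folded = skeleton(host)
    for good in KNOWN_GOOD:
        brand = skeleton(good.split(".")[0])
        # Brand text appears after folding, but the host is not the brand's domain.
        if brand in folded:
            return "lookalike"
        # Near-miss spelling, such as a dropped or doubled letter.
        if SequenceMatcher(None, folded, skeleton(good)).ratio() >= 0.85:
            return "lookalike"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample input: the two pairs from the list above plus one
    # unrelated address.
    for url in ("https://bankofamerica.com", "https://bankofamerlca.com",
                "https://progressive.com", "https://progressivelnsurance.com",
                "https://example.org"):
        print(f"{classify(url):10} {url}")
```

A result of “unknown” only means the host does not resemble an allowlisted name; it says nothing about whether the site is safe.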

Protect your personal information

Cybercriminals collect information about you from various sources, such as social media sites like LinkedIn and Facebook, as well as from other publicly available records, company websites, and more. By collecting key details of your life, they can attempt a direct attack on you and your online and financial accounts. Don’t post personal information online.

Use a unique and strong password for your different accounts

Do not reuse passwords, or use similar passwords, across your different accounts. If you reuse passwords, then when one login is compromised, all of your logins are compromised. See “5 Simple Tips to Be Cyber Secure at Work and at Home.”

Use multi-factor authentication

Enable multi-factor authentication (MFA) to ensure that the only person who has access to your account is you. Use it for email, banking, social media, and any other service that requires logging in. If MFA is an option, enable it by using a trusted mobile device, such as your smartphone or an authenticator app. MFA protects you because it requires two (or more) means of verifying your login. So even if a password is compromised, the cybercriminal would need your cell phone as well to access your account.