Don’t Get Reeled In: Avoid Phishing Scams

The internet is like the ocean. Vast, diverse, and full of both opportunities and risks. And to reap the benefits of this “cyber sea” without running into danger, it’s crucial for you to understand what phishing is and how to prevent you and your company from being reeled in by scammers.

Phishing is when a scammer poses as a trusted source and sends fraudulent digital messages, often via email or text, hoping to manipulate you into revealing personal information and gaining unauthorized access to certain systems through a download or link. Phishing attacks are also the most successful types of cyber-attacks, so you should take the time to pay attention to details and report any phishing attempts when you are targeted.

Recognize the Phishing Bait

1. Urgent Response Needed

Any message containing threatening language or claiming a loss of opportunity unless immediately action is taken, are often scams. The sense of urgency is a tactic by scammers trying to get you to act before you think. If you’re not sure if it’s a scam or not, send a separate message to the claimed individual or give them a call to verify before taking any further steps.

2. Bad Grammar or Spelling Mistakes

Most professional emails have automatic spell-checking tools built in for outgoing emails.

3. Questionable Email Address or Domain Names

Does the email address originate from a company you regularly communicate with? If so, check the sender’s email address with previous messages. Additionally, don’t take the word of the name provided in the email sender line. Hover over the name and ensure the domain is correct.

4. Suspicious Links

Never click on embedded hyperlinks within an email. Before clicking a link, hover your mouse over it and make sure the URL is correct. Remember, if a link looks a little off, think before you click.

5. Access Data or Personal and Financial Information Is Requested

If the request seems unusual or invasive, it probably is. Any time a message makes a request for login credentials, payment information or other sensitive data, be cautious. Hackers can create very convincing login pages to include in their emails at links. DO NOT provide your personal information unless you are 150% sure of the source.

Report Attempted Phishing Attacks

If you recognize any of the above warning signs in a digital message you receive, it’s important to report the phishing attempt to your IT team and the company or person being impersonated.

You can learn more about recognizing phishing and other cyber security information by visiting the Cybersecurity and Infrastructure Security Agency website.