We see them every day: emails, calls, and instant messages asking for access to your computer, your personal information, data that needs to be protected. Sometimes these thieves ask for passwords, account numbers, or personal identifying details; other times, they want you to run a malicious attachment or visit a dangerous website to pick up some malicious code.
Remember: technology isn’t perfect. There’s no infallible solution able to prevent all attacks. Part of the responsibility falls on the end user – you – to know when to be suspicious, and to know how to protect yourself.
The first thing to know about phishing? If it smells “phishy,” there’s a good chance it is. Trust your nose. If you’re not sure, look for advice – don’t be afraid to approach your IT security expert. And yes, you can mark phishing emails as spam and ignore them, but it can be helpful to IT security to see new messages and help raise awareness to your colleagues that such a message is making the rounds.
Browser-based exploits are still pretty common, also. Even a fully-patched system can be compromised by visiting the wrong website. It’s always safer to just not click on a link if you’re suspicious. And be aware that it’s not just email you’ll need to watch out for. Thieves make use of instant messenger programs, texts, and even plain old telephone calls to try to gain access to your private information.
There’s an infinite variety of phishing emails out there, in all shapes and sizes, but fortunately there are some “tells” you can look for to help suss out potential scams.
Not everything that smells ‘phishy’ is a phishing email. Other potential messages include:
You are your own first line of defense against phishing. Arm yourself by knowing the signs and acting with caution. By educating yourself, you’ll be able to avoid falling victim to a phishing scheme – and putting your personal data, or that of your organization, at risk.