By UnigoWith the holiday season approaching, cybercriminals are preparing for the coming “scam season”. Unfortunately, online scams are everywhere and can be hard to avoid. Chances are, you’ve come in contact with one in the past– especially a phishing scam through email and/or social media. Phishing attacks are used to trick individuals into willingly handing over personal information such as login credentials, Social Security numbers, credit card numbers, bank account numbers, etc. This article covers the basics for spotting phishing attacks via email and social media and what you can do to defend your personal information and stay safe. Email Phishing Attacks Phishers send out fake emails from trusted senders like your bank, PayPal, or even your university. These emails might include a link to a fake website designed to look real. In some cases, you may be asked to reply in order to verify your information or respond to an offer. Phishing emails are often pretty obvious, but they are becoming more sophisticated. Get in the habit of quickly inspecting every email you receive to be sure it’s legit. Common Features of Phishing Emails: The URL shown on the email and the URL that displays when you hover over the link don’t match. The “From” address is an imitation of a legitimate address. The content is poorly written and contains obvious grammar and spelling errors and awkward sentence structure. The overall look of the email is sloppy and just “off” (weird line and paragraph breaks, extra spaces between words, graphics may be pixelated or a slightly different color from what you’d normally see, etc.). The tone of the email is desperate or threatening. For example, the email may claim your account will be closed if you don’t ACT NOW on this URGENT MATTER. The email is overly general or vague and contains suspicious links or attachments. 6 Way to Protect Yourself Against Phishing Emails Common sense is your best protection against phishing attacks. If something seems sketchy, it probably is. Here are a few more specific tips to guard against a phishing attack. Never open an attachment you’re unsure about, particularly if it came with an email that displays any of the other characteristics of a phishing email. These attachments might contain malware. Carefully check any links within emails. For example, check to see if the displayed URL of the link doesn’t match the actual URL when you hover over it. (Tip: To check a URL on a smartphone, long press the link, and a window will open to reveal the address.) Keep in mind that legitimate businesses, such as your bank, will never ask you to click a link to sign into your account. Search the internet to see if similar phishing scams have been reported. Verify anything unusual by calling the person or company to ask if they emailed you a document. Defend your device by installing and regularly updating your operating system, security, privacy, and antivirus Phishing Attacks via Phone Calls and Texts Phishing attacks can also happen over the phone via call or text. Perhaps you’ve received a call from someone claiming to be from the IRS threatening to send the police to your door if you don’t pay your overdue taxes immediately, or maybe someone claims that your credit card student loan payment is overdue and must be paid immediately to prevent further action. Protect Yourself from Fraudulent Phone Calls: Screen your calls. Let unknown numbers go straight to voicemail. Do not give out personal and financial information (passwords, credit card number, Social Security number, etc.) over the phone. Government agencies will not cold call you, and the IRS generally mails tax bills. Check your credit report regularly to look for signs of identity theft. If a company calls and says that your computer is having problems, don’t allow them to remotely connect to your computer to fix it. Help protect others by reporting the scam. Protect Against Text Message Phishing Attacks: Make sure your phone’s software is always up-to-date. Don’t click on links in text messages. Report the issue to your mobile phone provider. Social Media Phishing Attacks Phishing has become common in social media as well. You may be on your favorite social media site and receive an invitation to click on an infected link or provide personal information. Hackers can then find out all kinds of info about your personal life and interests and tailor their scams accordingly. They can even hijack accounts and pretend to be someone you know and would normally trust. Common Ways Phishers Try to Attack You on Social Media: Fake comments on popular posts that contain links to phishing sites Fake direct messages (DMs) that appear to come from a friend but are usually the result of a hacked account Fake customer service accounts (often referred to as “angler phishing”) Fake online discounts, surveys, and contests 6 Tips to Protect Yourself Against Social Media Phishing Attacks Social media phishing attacks are often more sophisticated than email scams, and people are less familiar with them, so they may be more difficult to spot. Keep the following tips in mind to help you identify and protect yourself against phishing attacks on social media: Watch for slight misspellings or variations in account handles. Look for the blue checkmark badges next to account names on Twitter, Instagram, and Facebook to be sure that you are dealing with the real, verified account. If you receive a DM, even from what appears to be a trusted source, don’t clink on any links. Instead, visit the website independently and look for “https” at the beginning of the URL. Avoid polls or quizzes that reveal personal info. Hackers can use these to sign you up for dubious services or steal your info to open accounts. Make sure your account’s privacy settings only make your profile visible to people you trust. Resist the temptation to overshare. Details like your pet’s name or hometown are often used in security questions for financial accounts. For more information on the common types of Phishing scams, check out this article here.