Phishing is a cyber-attack where miscreants and criminals send you fake emails to trick you into clicking on malicious links, opening malicious attachments, or divulging sensitive information. This process is similar to fishing in that these fake email messages try different methods to bait you into some sort of action that will compromise information or your IT system. In any given year, it is estimated that more than 80% of email addresses have received at least one live phishing email.

In the increasingly interconnected and IT-enabled financial world, phishing is an especially grave threat; falling for a phishing email can lead to ransomware attacks, stolen account information, and compromised personally identifiable information (PII).

Phishers Expanding Into Other Media

Phishing attacks most often come through email and target people at random, but over the last few years, criminals have expanded to text messaging, social media, and phone calls. When phishing attempts come through email, they usually contain malicious links and/or attachments. In the early 2010s, it was often fairly easy to spot a phishing email due to conspicuously bad grammar and punctuation, but over the last few years phishers have become more sophisticated and their messages more difficult to spot.

That’s why the American Bankers Association started its social media campaign, #BanksNeverAskThat, a few years ago to spread awareness about how to protect yourself as more criminals attempt to imitate banks to capture your PII and account information.

To make yourself less likely to fall for a phishing attempt and protect your bank account information and company IT systems, practice the following general rules of thumb:

Slow down. Double-check the details. Like most scammers, phishers pressure you to act fast and without thinking things through. They use emotional blackmail tactics, make threats or warnings, and try other ways to appeal to emotion to make you click a link, open a web page, or enter sensitive information into a website. Don’t let them.

Be wary of any link to a website. Phishing email links can send you to fake web pages that are dangerous for a few reasons:

  • The linked page may look normal while it downloads malware to your computer in the background.
  • The linked page may look like a login screen but actually steals your login credentials so the attackers can try to use them on other sites.

Be suspicious. We all receive unexpected emails, so it’s important to scrutinize each email and verify it’s from a sender you trust. Don’t click on links or attachments in suspicious emails or those from senders you don’t know.

Verify. Phishers also try to pose as your supervisor, your family, or your friends. If you get a message from someone you know that doesn’t seem quite right, give them a call or send them a text, using contact information not in the suspicious email itself, and ask them if they sent it to you and why.

By remembering that it’s okay to slow down, to be suspicious, and to ask for verification, you can reduce your risk of falling for a phishing email, thereby helping to keep financial information and IT assets safe from disclosure or harm.

Contributors: Joseph Matte