Phishing Emails are scam emails that appear to be from a legitimate company that ask for private login credentials for important websites everyone uses. Scammers work hard to make their phishing emails look professional and convincing and some are very convincing. Once an unsuspecting user gives their login credentials to the scammer, the scammer can access their account and steal financial and other personal information. In addition, the scammer will sell these credentials to the dark web where other criminals can use this information for nefarious purposes. The following are tips on how to recognize a phishing scam and how to best protect accounts from being hacked.

How to Recognize a Scam:

Phishing scams may be a phone call, email, or text message requesting a user to give their passwords, account numbers, or Social Security numbers. 

Beware, not all phishing emails and text messages look the same. Scammers change strategies frequently to prevent their victims from being suspicious, but there are some signs that will help you recognize a phishing email or text message. Here are the top things to look for:

• Phishing Emails and text messages may look like they’re from a company you know or trust. They may look like they’re from a bank, a credit card company, a social networking site, an online payment website or app, or an online store. They might even have your name on the “From” line. If you hover over the link or check out the website (URL), you’ll see that it’s not actually from your bank or credit card company.

• Phishing emails and text messages often tell a story to trick you into clicking on a link or opening an attachment. Don’t fall for it! These messages will include something like the following:

• “We’ve noticed some suspicious activity or log-in attempts”
• “There’s a problem with your account or your payment information”
• “You must confirm some personal information”
• Include a fake invoice (https://www.consumer.ftc.gov/blog/2017/05/fake-emails-could-cost-youthousands)
• Want you to click on a link to make a payment
• “You’re eligible to register for a government refund” (https://www.consumer.ftc.gov/blog/2018/03/westernunion-refunds-scam-alert) 
• Offer a coupon for free stuff

A real example of a phishing email:

Imagine if you were to get this email in your inbox. 

Do you see any signs that it’s a scam? Let’s take a look.

• The email looks like it’s from a company you may know and trust. It even uses a Netflix logo and header. 
• The email says your account is on hold because of a billing problem. 
• The email has a generic greeting, “Hi Dear.” If you have an account with the business, it probably wouldn’t use a generic greeting like this. 
• The email invites you to click on a link to update your payment details. 

After first glance, this email looks legitimate, but it was sent by a criminal looking to exploit anyone willing to click the link. In 2016 an employee at the University of Oxford clicked a similar link and gave a scammer access to the university’s IT systems, which resulted in £1.5 million being stolen from the institution. In another example, a woman gave away her banking details in a phishing email and consequently lost £35,000. Here in Portland, Oregon, seniors are being exploited daily as they click on these links and unwittingly give their login credentials. It is estimated that scammers steal approximately $2.9 billion from seniors annually. 

How Do I Protect Myself?

Four steps everyone should take right now!

1. Protect your computer by using security software. Set the software to update automatically so it can deal with any new security threats. (https://www.consumer.ftc.gov/blog/2019/06/update-your-software-now) 

2. Protect your mobile phone by setting software to update automatically. These updates could give you critical protection against security threats. 

3. Protect your accounts by using multi-factor authentication. Some accounts offer extra security by requiring two or more credentials to log in to your account. This is called multi factor authentication. The additional credentials you need to log in to your account can be: 

• Something you have — like a passcode you get via an authentication app or a security key. 

• Something you are — like a scan of your fingerprint, your retina, or your face. Multi-factor authentication makes it harder for scammers to log in to your accounts if they do get your username and password. 

4. Protect your data by backing it up. Back up your data and make sure those backups aren’t connected to your home network. You can copy your computer files to an external hard drive or cloud storage. Back up the data on your phone, too. (https://www.consumer.ftc.gov/articles/how-protect-your-data-you-get-rid-yourcomputer#back%20up) 

What To Do if You Suspect a Phishing Attack?

Now that we know what phishing emails generally look like, let’s understand what one should do once they recognize a scam attempt.

If you get an email or a text message that asks you to click on a link or open an attachment, ask yourself this question: Do I have an account with the company or know the person that contacted me? Does the subject or purpose of the email seem legit?

If the answer is “No,” it could be a phishing scam. This is when you should start to look for signs of a phishing scam. If you see them, mark the email as spam, report the email/message and then delete it. 

If the answer is “Yes”, do NOT click the provided link! Contact the company using a phone number or website you know is real. You’ll find the contact on the company’s official website. Look it up using google rather than clicking on any link provided in the email. Do not rely on any information in the email. Attachments and if installed can invite harmful malware to your device.

What To Do if You Responded to a Phishing Email/Already been scammed?

Mistakes happen! And so if you think you recognized a scam too late and the scammer already has your information(eg: Social Security, credit card, bank account number, etc.) go to IdentityTheft.gov (https://www.identitytheft.gov/Info-Lost-or-Stolen). On the website, you’ll see the specific steps to take based on the information that you lost. 

If you think you clicked on a link or opened an attachment that downloaded harmful software, update your computer’s security software and anti-virus. Then run a malware scan of your computer. (https://www.consumer.ftc.gov/articles/0009-computer-security#update)

How To Report A Phishing/Scamming Attack:

If you receive a phishing email or text message, it’s very important that you report it immediately. The information you give can help fight the scammers. 

Step 1. If it’s an email, forward it to the ‘Anti-Phishing Working Group’ at reportphishing@apwg.org (mailto:reportphishing@apwg.org). 

If it’s a phishing text message, forward it to SPAM (7726). 

Step 2. Report the phishing attack to the FTC at ReportFraud.ftc.gov (https://ReportFraud.ftc.gov). 

With hackers getting clever each day and coming up with extremely authentic looking techniques, we must ensure that our devices and networks are as secure as possible.

Still have questions?

Drop them below in the comment section or you can reach out to us at amber@roseelderlaw.com.