A phishing attack is an attempt by a hacker who is looking to trick innocent people. They do this by writing and then sending, a fake email that looks very real. The email may imply that you should give your username and password for a company account, or it may have some type of attachment or link which will download malware to the company network or your computer. Some phishing attacks look like they come from the company you work for or from someone you’re familiar with. Watch out for these signs of a phishing attack:
1. You are asked for personal information
One sign that an email is a phishing email is if it wants you to provide personal info. Though these emails look very real and seem like they are coming from a place you’re familiar with like your bank or your company’s CEO, don’t be fooled. Your bank, for example, would never ask for your bank account information because it already knows that…so, if things seem a little odd, they probably are.
2. You are asked for money
Emails from someone you work with or someone asking for a wire transfer are often fake so you should always follow up with a phone call before sending anything.
3. There is a panicky feel or sense of urgency
Any email from a coworker, client, or employee asking for an urgent transfer is probably a scam. The moment you see something that sounds urgent, look upon it with caution. Some hackers will write a scam email that is created to cause you to panic or feel like you have to move quickly. For example, the email might claim that your bank account is compromised and to stop it, you must go to a particular website and enter your username and password. But, when you go to that website and enter your account information, nothing happens, and the hacker has your login credentials.
4. You think something looks strange
In general, the scammer will try to put the name of the company they want to copy in the address, but it likely will not be exact. For example, if you use Chase Bank, and you get an email from @chasebank.com instead of @chase.com, delete it.
5. You don’t have a business relationship with the company
Consider your relationship with the company the email is coming from. For example, an email from your health insurance company should come from the organization’s system, not from an odd Gmail account. Also, if you don’t have an account or business relationship with the company, it’s could very well be a scam.
6. The email comes from…you
Look closely at the email. Who sent it? You? Technically, it isn’t from you, but hackers try this all of the time. Just delete it.
7. Others are receiving the same email
Look at the address the email is going to. Is it only to you or does it go to several email addresses you are not familiar with? In most cases, if a company has business with you, it sends emails only to you.
8. Are there links?
One of the most common ways people become victims of a phishing scam is because they click on links contained within the email. Some of these links, when clicked, automatically download malware to your computer. Others will take you to a site that will attempt to steal your identity. Before you click on a link, hover over it with your mouse and see where it goes. If the address doesn’t look right, do not click it.
9. The sender can’t spell
A lot of scam emails come from overseas or from uneducated people. So, if you see a lot of spelling or grammar errors in an email, it’s probably a scam.
10. Does it have an attachment?
Finally, if there is any attachment in an email, watch out. Never, ever open it if you don’t know the sender. It is very likely there is a virus or malware contained in it. If you think the attachment might be legitimate, make sure to scan it with antivirus software before you open it.
Source: Robert Siciliano, personal security and identity theft expert and speaker on security awareness training, is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. He will teach a CSI Protection certiﬁcation course which promotes proactive strategies to enhance safety and security for real estate and associated businesses at RI REALTORS on April 9th, 2020. RI Realtors – See details on the RIAR Course Calendar on RIREALTORS.org.