Phishing attacks use email or malicious websites to infect your machine with malware and viruses to collect personal and financial information. E-mails or websites may appear to come from a real financial institution, ecommerce site, government agency, or any other service, business, or individual. Prompts on websites or e-mails may request personal information such as account numbers, passwords, or Social Security numbers.
Be wary of messages that elicit a response to provide information:
- “Our records indicate that your account was overcharged. You must call us within 7 days to receive your refund.”
- “We suspect an unauthorized transaction on your account. To ensure that your account is not compromised, please click the link below, and confirm your identity.”
- “During our regular verification of accounts, we couldn’t verify your information. Please click here to update and verify your information.”
Tips to Avoid Being a Victim of a Phishing Attack:
- Think before you click: Read e-mails and links carefully looking for clues on the nature of the e-mail. Treat known and unknown unsolicited E-mails or websites that prompt you to provide specific information as a potential threat until you can prove otherwise. Hackers will go to great lengths to make a website or e-mail look legitimate enough to get you to at least click on their links.
- Generic greetings such as “Hello Customer” Should be a red flag of a potential phishing attempt.
- If you receive a suspicious email that appears to be from someone you know, reach out to that person directly on a separate secure platform. If the email comes from an organization but still looks “off,” reach out to them via customer service to verify the communication.
- Use caution with hyperlinks: Hover over link to see if the destination of link matches and ensure that URL addresses begin with “https” as the “s” indicates encryption is enabled to protect users’ information.
- Ensure proper defenses of both network and end-users: Ensure firewalls are in place and antivirus/SPAM filtering is updated and the appropriate settings are applied to better protect end users’ systems. All systems should be regularly updated with security patches.
- Protect all personal information – As a general rule never share personal or financially sensitive information over the Internet.
- Keep your browsers up to date – Security patches should be installed on browsers as soon as latest update is available.