If you’ve used the Internet for more than seven minutes, you’ve probably been targeted by several hundred phishing attacks. Phishing, when attackers try to pry bank account numbers, codes and passwords away from users via deceptive emails, links and attachments, is nearly as old as the Web itself.
These emails can come in many forms to fool unsuspecting users, disguised as social media notifications, banking statements and anti-virus alerts. The ploys attackers use have become even more covert lately as they try to get their scams to resemble actual alerts. In the last few years, scams have tried to mimic legitimate notifications from Facebook, PayPal and Apple and since the start of this year, have swindled users out of $687 million.
One of these phishing scams made the rounds earlier this year on Facebook and tried to convince users their accounts had been compromised. Attackers sent messages to all of the infected Facebook account’s friends to get them to click through a suspicious looking link. Once users clicked through, the scam tried to get them to enter their personal information, including their credit card number and the card’s expiration date.
To stay safe online, users need to remain vigilant when it comes to interacting with strange emails. Thinking, or even better, reading, before clicking is the key to avoiding getting duped.
Often times, phishing messages try to get your attention through fear. “We suspect an unauthorized transaction on your account,” is a common phishing e-mail headline. Attackers are constantly trying to get their victims to log-in to fake versions of sites to get them to part with important information like passwords and log-ins for bank accounts and email addresses.
Twitter users should also be on the lookout for phony phishing tweets and avoid clicking on questionable links tweeted to them from unfamiliar users. Just like email, attackers have taken to the popular social network as of late, tweeting out malicious links that can be easily obscured by URL shorteners, making it nearly impossible to gauge whether they’re safe.
In general, users should exercise caution before clicking on suspicious links in emails and tweets from unknown senders and ignore, delete or report these messages. Twitter allows users to block malicious users or report them for spam while Gmail allows users to report emails as spam or phishing.
If you’ve been led astray and feel like you may have clicked a phishing link, be careful to not enter any valuable personal information, like passwords. If you suspect you’ve been duped, immediately change your password for the site (and any other sites that may share that password).
The Federal Trade Commission encourages the use of up to date anti-virus and anti-spyware software and firewalls to prevent phishing while U.S. Computer Emergency Readiness Team reminds users to pay attention to URLs when entering personal information. It’s easy to assume you’re on the right site but if you’ve been duped by a phisher, there might be a slight misspelling in the website address (i.e. www.faceboook.com). On most browsers, secure connections that are encrypted using SSL are marked by a green padlock in the far left side of the URL bar, which is another indication of their legitimacy.