Here’s a guide outlining classic online fraud attempts to help you stay cybersecure.
You’ve heard the words describing how hackers and scammers gain access to online information, but do you know what they really mean? Phishing, Smishing, hacking, spam? Check out this short guide outlining how to protect yourself and your loved ones from cybercrime and how to keep your data safe online.
Phishing attacks normally use emails with malicious website links within the email to gain access to your computer, and in turn, your accounts. Here’s how it works: You receive an enticing email about a great deal on a product or an urgent message that you need to act on immediately, and within it are links to a counterfeit website. Once you click the link, scammers trick you into giving financial data, such as user names and passwords. Some phishing attacks plant malware in the email itself, so that once it’s opened, the criminal can steal credentials directly from your computer.
How to avoid: Do not open any emails you don’t recognize and don’t click on any links within an email you don’t recognize coming from a person or company you know. If you are asked to visit a website that seems like it’s one you’re familiar with, check the URL because many times a counterfeit URL will use the company name and .net or .biz instead of .com — a slight but important difference. However, note that a URL with a .com suffix is not always safe. If you question the email, pick up the phone and call the company to see if the email is legit.
Social Media Phishing
Phishing isn’t limited to email. Cybercriminals also create links in social media through online ads, tweets, and posts, promising something that is too good to be true. What’s really happening is that they’re trying to gain access to your personal data and accounts once you click the link. If it looks at all suspicious, it most likely is.
How to avoid: Don’t click on the link. As the National Cybersecurity Alliance urges: “When in doubt, throw it out.”
Spam — No, It’s Not Pressed Meat
Spam in your inbox is no different than junk mail in your mailbox. It’s unsolicited, unrequested and unwanted email, and its purpose is to get you to open it for malicious purposes.
How to avoid: Enable a spam filter from your email provider to prevent unwanted messages from reaching your inbox, and report any spam emails that make it through. Hide your email address from any online profiles and social media accounts. You can also check for spam detectors on your cell phone or through your carrier, which indicate whether an incoming call is likely spam.
Text message scams — also known as “smishing” — became a prevalent form of phishing a couple of years ago. It’s a phishing attack delivered via text message. This scam sends an urgent text message to your phone, trying to get you to click on a link within the text, text back requested information or call a fraudulent number. It’s especially used with people who do online banking or bill pay. Examples include receiving a message that states your account, debit or credit card has been suspended and to click on the link included within the text to unlock it. Or you may receive a message to verify account information, or to transfer money to a stranded relative.
How to avoid: Do not click on any link or phone number within a text message unless you’re sure what it’s for. If you receive a message about a frozen or locked bank account or account verification, pick up the phone and call your credit union to verify its legitimacy.
This term refers to harmful software that hackers try to install on your computer through a variety of means. Malware contains viruses — sometimes ransomware for businesses — that can take control of your computer, monitor your actions and keystrokes, and gain access to personal data stored on your computer.
How to avoid: Once again, it’s all about what you don’t do. Don’t open any suspicious emails, click on any links, or download any files you don’t recognize.
If you find yourself in a situation where you believe you are the victim of a cybercrime, file a complaint with the appropriate authorities, as outlined in this DHS resource. For additional information on identity theft protection and resources, visit Trailhead’s Identity Theft Protection page.