Phishing is one of the oldest tricks in the book when it comes to online scams, but it continues to be effective because of its simple design. A target is asked to take action on a message sent via email, social media or some other channel; if the lure is successful, personal data may then be harvested, or malware might even be installed on the device in question.
The 2017 State of the Phish Report analyzed 10 million simulated phishing emails and found that while click rates (i.e., actually acting on the phishing prompt) declined from 2015 to 2016, the vast majority of information security professionals (76 percent of them) reported being victims of phishing attacks. More than 40 percent of them also faced phishing attempts via text message or phone call. A separate study found a surge in social media-initiated phishing campaigns in the final quarter of 2016.
How can you stay safe in a world where phishing is everywhere? A good place to start is to know the tell-tale signs of a phishing scheme:
1. There are errors in punctuation, grammar and/or spelling
Imagine getting an email from a major airline or pharmaceutical company that was nevertheless riddled with stylistic mistakes. Such sloppiness is often a red flag that the message is not what it seems and should be ignored. Would you surrender sensitive personal information to a stranger prone to making typos in allegedly “urgent” emails?
2. The hyperlink is actually different from what it says it is
The linchpin of any phishing scheme is the URL to a compromised website, from which data can be captured. This URL is usually embedded in the body of the email or text message, but it is often not what it appears to be:
- The link might look legitimate on the surface, but hovering your mouse over it might reveal that it actually leads somewhere else.
- A URL shortener – the most famous variant is bit.ly – might be used to obscure the domain and content of the link.
3. The message claims to be from a U.S. government agency
Many phishing scams take the form of communications claiming to be from a federal agency such as the IRS or the FBI. However, as a rule, these bureaucracies almost never use email to communicate with the public. Any phishing email designated as an “official” piece of correspondence from the government can be safely ignored.
4. It asks you to send money
Sophisticated phishing campaigns may be drawn out over a lengthy exchange of messages, instead of being limited to a one-off attempt at getting you to click on something. In these cases, it is possible you will be asked to send money to cover expenses or fees, with the promise that you will get a larger payment down the road (which of course never comes).
Protect yourself from phishing with Unlimited Internet Security
Memorizing these signs is a good start to staying safe from phishing. But some emails and messages are convincing enough that you might end up clicking anyway. Accordingly, it is a good idea to have a backup plan, in the form of comprehensive protection for your online activity.
Unlimited Internet Security from Total Defense is the ticket, capable of shielding sensitive transactions, screening for viruses and securing your identity. You can find out more today on the main product page.