My first exposure to a phishing scam was 13 years ago, before I had ever heard the term.
I received an email from Discover Credit Card, showing an odd purchase. It said to click the link to change my password if I hadn’t made the purchase. I dutifully clicked the link, put in my credit card number and changed my password. D'oh. As soon as I clicked confirm, I thought something seemed off. I called Discover and they assured me they would never ask for my card number through an email. They sent me a new card with a different number. Lesson learned.
Since then, I rarely click directly on a link I get in a text or email. I always start from scratch with the original URL to make sure I don’t get duped again. But scammers get trickier every year and so do their phishing scams. If you aren’t quite sure what the term means either, phishing is when cyber criminals use fake emails, texts or copycat websites to get you to share personal information. Those scammers then use that information to steal your money and even your identity. By clicking on these fake links, you can also give bad guys access to your computer or network.
Security firm Symantec reports that by the end of 2017 the average user was receiving 16 malicious emails each month. And the phishing attacks come disguised as emails from companies you likely have authentic relationships with in the real world. Security firm Vade Secure reports the top five most impersonated brands in North America in 2018 were Microsoft, Netflix, PayPal, Bank of America and Chase.
After three years of decline in tax-related phishing scams, the Internal Revenue Service saw a surge in 2018. The IRS recorded a 60 percent increase last year in phishing scams trying to steal taxpayers’ money or personal information. The IRS reminds taxpayers it will never initiate contact by email to request personal or financial information.
And 2019 may bring a new twist to the good ol' email phishing scam. Forbes reports we will see more attacks through messaging apps like Facebook Messenger and notes that users are more likely to click on a link in a chat than they are in an email.
So how can you tell if an email or message is legitimate? Google has created a phishing quiz to test your ability to spot a scam. This would be a great teaching tool to talk with kids or elderly parents about what tricks scammers might use. One of its examples is nearly identical to a successful phishing scam that hackers used on U.S. politicians. This quiz is tough, but contains emails (real and fake) that have definitely hit my inbox at some point.
The Federal Trade Commission offers some simple ways to steer clear of phishing scams. First, be very wary about opening any attachment or link you receive. Skepticism is your friend. Confirm the source before clicking or go directly to the original website by typing the information you want into a search engine. Never respond to emails or messages that request personal or financial information (see my epic fail in paragraph one).
Vade Secure compiles phishing URLs it detects each day and makes them available to search online. Just copy and paste the URL you want to test for phishing and the website will tell you whether the link checks out.
Make sure to report any phishing emails to the government at firstname.lastname@example.org and to the organization impersonated in the email. You can also file a report with the Federal Trade Commission and with the Anti-Phishing Working Group at email@example.com.
The more we work together to bring these scams into public awareness, the less effective they will be.