How much do you know about these common phishing scams?
Phishing is used by criminals to steal your personal information, lock your device and hold it for ransom, and steal your identity. Knowing what to watch out for can keep you from getting hooked!
There are several ways that criminals use email phishing:
- Online criminals often steal logos and email formats from legitimate companies, then set up an automated process to spam thousands of people at the same time with a message that appears to be from the company. The message will ask you to verify/update your account information, change your password, or respond to suspected fraud on your account. These messages appear to be legitimate, with company logos and colors. If you don't do business with the company, it's easy to spot the scam, but if it's a company you're associated with, it can be more difficult. BEST STEPS TO SAFEGUARD YOURSELF: Phishing emails often have grammar/spelling/English language usage errors in the message. Is the message personalized to you, or is it generic (Dear valued client)? Hover over the from line and see what email address sent it (is it a company email or is it from some unrelated address?). Never click a link in the message or call a number in the message; go directly to the company through your user account or call customer service using a number on your statement.
- Online criminals often send emails that appear to be from file sharing sites like SharePoint, DocuSign, etc. These emails will appear to be from one of your colleagues who is sharing a file with you or asking you to review a document. These will appear to be very legitimate, and if you are suspicious and you send your colleague an email to verify, the criminal often has set up an auto-reply that will come from your colleague's email address and will assure you that the email is legitimate and you should click the link. BEST STEPS TO SAFEGUARD YOURSELF: Do not click links in these emails; they may launch malware/spyware/ransomware onto your device. The response from your colleague (if you email them to check it out) may seem less personal than you would expect and/or may come to you very quickly (indicating an auto-reply has been triggered). It's best to call or text your colleague to verify.
- Online criminals often approach you about winning a raffle or lottery prize. If you receive an email like this that's unexpected, it's almost always a phishing email. BEST STEPS TO SAFEGUARD YOURSELF: Delete all of these emails if they are not expected. If you receive a notification about winning a prize that you are actually waiting to hear about, contact the prize giver directly, do not use the contact information in the email to reach out to them.
- Online criminals often approach you with a story about an inheritance, or a story about someone trying to move money from a foreign account. They say that you'll get a sizeable amount of money and they ask you to click a link or call a number to verify your information so they can get the money to you. BEST STEPS TO SAFEGUARD YOURSELF: Never respond to these emails, they are all scams; delete immediately.
- Online criminals often hack your friend's email account and then send a message to everyone in their address book about needing help in an emergency. The email will appear to come from your friend and they will indicate that they are out of the country and they need help urgently because all of their money/stuff has been stolen and they can't get home. They'll ask you to call a number, or they'll provide instructions for wiring the money. BEST STEPS TO SAFEGUARD YOURSELF: Never respond to these emails, they are all scams; if your friend needs help, they would call or text you.
Spearphishing and Whaling
Spearphishing is a more targeted version of email phishing with a greater rate of success for the criminals. Whaling is similar to spearphishing, but specifically targets high-level corporate executives (the "big fish").
Spearphishers take time to learn more about you than typical phishers. They will look at your social media, your website, your online reviews, and they'll send targeted emails to you that appear to be from friends or from businesses you're associated with. These emails will be attempts to get passwords and PINs or other personal information from you. BEST STEPS TO SAFEGUARD YOURSELF: Question emails from anyone, even if they seem very personalized, that are attempting to get you to share personal information, PINs or other account information. If a friend asks you for something like this, call or text them to discuss it, do not click a link or reply to an email.
Watering Hole Phishing
Watering Hole Phishing targets organization networks via their employees'/volunteers' online activity.
The watering hole tactic is used by criminals to gain access to organizational data. The criminals determine which websites are used frequently by employees of an organization, then they select one of the less secure sites and they install malware on the site. When the employees visit the site, they can accidentally launch the malware that allows the criminals to gain access to the company's network via the employee's user account. BEST STEPS TO SAFEGUARD YOURSELF: Do not use your company device for personal online activity; do not click on pop-ups on websites; if a window automatically opens on a website (you didn't open it), use CTRL W to exit instead of clicking on the X (the X could house the malware); if a site or content on a site seems out of place or different than you typically see, get off the site.
Angler Phishing uses social media posts to lure unhappy customers.
This tactic is multi-step, and it uses social media. The criminals set up an automated scanner that looks for certain company names and targets posts from unhappy customers. When someone posts a rant on their social media like "I'm so sick of XYZ company, here's the terrible thing they did…!", the scanner notifies the criminal about the unhappy customer post, and the criminal is then able to comment on the post, posing as a helpful and very apologetic service representative and offering restitution. The criminal will then provide a private link to the unhappy customer, and when they click the link they'll launch malware onto their device. BEST STEPS TO SAFEGUARD YOURSELF: Don't share your social media posts publicly, only post to friends. Don't click on any links that show up in your comments or in your messaging inbox.
Vishing and Smishing
Vishing and Smishing are phishing tactics via phone and text.
Vishing uses phone calls and voicemail messages to target individuals and obtain personal information. These messages may be threats of arrest, turning off utilities, closing accounts OR they may be notifications about awards or prizes. BEST STEPS TO SAFEGUARD YOURSELF: Never say "yes" to an unknown caller (often they will record your voice saying yes and then splice it to a different question, i.e. they say "I'm on a recorded line, are you able to hear me all right?" and you say "Yes", then they take your recorded voice and add it to the question "Do I have permission to bill you for this service?"). Never call back the number that called you or the number in the voicemail, always look up the company's actual customer service number and use that to
Smishing uses text messages in the same way Vishing uses phone messages. BEST STEPS TO SAFEGUARD YOURSELF: Never click a link or call a number from an unsolicited text message, even if it seems legitimate. Block unknown numbers. If you want to verify, look up the company and call or email them directly.
Use this information to protect yourself, and share it with your children. If you get emails, calls or texts, share them with your children so they can learn about these scams.
Want to learn more? Sign your child up for our online safety training, Protected While Connected.