Learning to recognize and report phishing scams is a top step you can take to stay safe online. It’s fairly easy to do and doesn’t take long at all. Just look closely before you click a link.
What is a phishing scam?
A phishing scam happens when a cybercriminal sends you a fake email, direct message, text, or even a pop-up ad to try to trick you into taking an action, such as clicking a link, to provide personal information or make a payment.
A phishing message may be cleverly disguised to look like a real message from a familiar company such as your bank. Cybercriminals can be pretty sophisticated with phishing scams, to the point that there are many types of phishing techniques that have earned their own names (see Definitions below for more info).
Learning to spot the telltale signs of phishing and to stop and think before taking action on an email or other message can go a long way towards keeping you safe from phishing scams. Here are some clues that can tip you off to a phishing attack:
- Alarming “news” about an account.
- Attachments that look odd.
- Failure to address you by name.
- Grammar errors or misspellings.
- Offers for free gadgets, trips, or other items of value.
- Language that sounds just a little bit “off.”
- Requests to click a link or take urgent action.
Source: National Cybersecurity Alliance
Definitions
Phishing - a type of social engineering where an attacker sends a fraudulent (e.g., spoofed, fake, or otherwise deceptive) message designed to trick a person into revealing sensitive information to the attacker or to deploy malicious software, such as ransomware, on the victim's infrastructure.
Spam - unsolicited email sent in bulk to a large list of recipients. While spam is annoying, it isn’t necessarily a phishing attack.
Spear phishing - a type of phishing attack that targets specific individuals or organizations, typically through malicious emails. Spear phishers carefully research their targets, so the attack appears to come from trusted senders in the targets’ lives.
Smishing - a phishing message sent via text.
Vishing - a phishing message sent via voicemail.
Resources
5 Ways to Spot a Phishing Email