By Susan Hoffman
Edge Managing Editor
According to the FBI’s 2020 Internet Crime Report, published by the Internet Crime Complaint Center (IC3), phishing was one of the most common types of scams in 2020. It claimed over 241,000 victims and caused $54 million in losses.
The COVID-19 pandemic was also a contributing factor to the high number of phishing incidents. During the current pandemic, many companies have asked their employees to work from home, where cybersecurity measures may not have been as stringent as they would be in a standard office.
But what is phishing? How do you recognize it when it happens to you?
What Is Phishing?
In a phishing scam, a criminal will send you an email or text that at first glance seems realistic. It might appear to come from your bank, a social media site or your credit card company. Other “senders” might be online retailers like eBay, Etsy or Amazon or an online payment site like PayPal.
Often, the scammer relates information designed to upset you, pressure you to adhere to a deadline or arouse your curiosity. For instance, you might receive a message saying that there’s a problem with your account or that you need to confirm some of your personal account information. There may even be a link to click.
To make their emails look legitimate, scammers have been known to use existing company logos. These logos are relatively easy to copy and paste into an email.
Although many email services can weed out phishing emails, some of them can still evade the filters and get through to your email box at home or work. Fortunately, there are multiple ways to recognize a phishing email. Microsoft notes that there are several ways to determine if an email you receive is not legitimate:
- Grammar or spelling mistakes
- Generic rather than personalized greetings
- Unexpected attachments (such as an invoice you weren’t expecting)
- Suspicious links (hover your cursor over the link in the email to see where it really leads)
- A sender you don’t recognize
- A call for immediate action
- A request for personal information or financial details
- A slightly misspelled domain (microsoft.com versus micros0ft.com)
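Two of the signs above, a link whose visible text differs from its real destination and a slightly misspelled domain, can be checked automatically. The sketch below is an added example, not part of the original article or any vendor's filter; the trusted-domain list, the character-swap map and the sample email are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"microsoft.com", "paypal.com"}        # assumed allow-list
SWAPS = str.maketrans({"0": "o", "1": "l"})      # constructed look-alike map

def fold(domain):
    """Collapse common character swaps so look-alikes compare equal."""
    return domain.lower().translate(SWAPS).replace("rn", "m")

FOLDED = {fold(d): d for d in TRUSTED}

def registered_domain(host):
    # Simplification: last two labels. Real code needs the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def lookalike_of(domain):
    """Return the trusted domain that `domain` imitates, or None."""
    return None if domain in TRUSTED else FOLDED.get(fold(domain))

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_email(html):
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        dom = registered_domain(urlsplit(href).hostname or "")
        imitated = lookalike_of(dom)
        if imitated:  # e.g. micros0ft.com imitating microsoft.com
            findings.append(("lookalike", dom, imitated))
        shown = re.search(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", text.lower())
        if shown and registered_domain(shown.group(0)) != dom:
            findings.append(("mismatch", registered_domain(shown.group(0)), dom))
    return findings

# Constructed sample email body
SAMPLE = ('<p>Verify now: <a href="http://login.micros0ft.com/verify">'
          'https://www.microsoft.com/account</a> or read '
          '<a href="https://www.microsoft.com/security">Security help</a></p>')
```

Each finding names the check that fired, followed by the two domains involved: for a look-alike, the link's real domain and the trusted domain it imitates; for a mismatch, the domain shown in the link text and the domain the link actually points to.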
How to Protect Yourself
The best defense against phishing is to take the time to stop, think and research. For instance, if you get an unexpected email notice that your bank account needs verification, check with the bank in person. Another strategy is to look up the bank’s number on a search engine and call the bank directly to see if it sent the email before providing that information.
- Install security software on your computer and set it to update automatically.
- On your mobile phone, check for security updates and have them install automatically.
- Use multi-factor authentication to protect your accounts.
- Back up your data regularly.
For work-related data, consider using the 3-2-1 rule. Make three copies of your data, using two different media (such as cloud storage and a thumb drive), with one copy stored offsite.
Also, stay informed by reading news sites. Email scams evolve all the time as scammers try to get the information they want, and these scams are frequently reported in the news.
Ultimately, trust your instincts. If you read an email and it doesn’t feel “right,” it never hurts to double-check with the sending organization before you answer. In the end, that practice could prevent you from becoming a victim and save you money.