October is National Cybersecurity Awareness Month, the time of year when cybersecurity experts from government, academia and industry remind us of the importance of safeguarding our digital information and reviewing our online safety practices.
One of the most common ways that crooks and criminals get your personal financial data is through phishing. Phishing uses email spoofing and other tricks to get you to give up personal info or click through to a dangerous website that might expose you to a virus or a computer hijack. Never ever click on links or download things from a stranger!
But don’t just worry about bad emails from strangers – worry about bad emails from people and brands you trust. Many of the big brands we use every day – Microsoft, Netflix, PayPal, Amazon, Apple – are regularly spoofed, and we are tricked into clicking when we see messages like “your account is being disabled” or “thanks for your recent purchase” when we haven’t made one. The same goes for emails from a friend or family member saying “this is a riot – click here” or from a boss saying “We need your bank credentials for direct deposit.” If something seems off, strange or odd, it probably is. It’s better to be safe than sorry, so double-check if you have any doubt. Phishers are good at gaining our trust or exploiting our fears.
It’s vital to learn how to avoid being caught by a phisher. We’ve assembled some quizzes to give you practice. But be warned, these are pretty difficult. If you take the time, however, even wrong answers will teach you something about what to look for and how to spot a fake.
- Jigsaw Phishing Quiz – from Google / Alphabet
- Are You Smarter Than a Cybercriminal
- The OpenDNS Phishing Quiz
Our top tips for avoiding phishing scams
- Don’t click any links or download anything from a sender you don’t know or trust. It’s always worth double-checking. If it’s a web link from your bank, instead of clicking, go to your bank website directly by typing in the Web address in your browser. If it’s a phone call, hang up and call your bank.
- Get in the habit of hovering over links to see who the email is really coming from and where a link is actually sending you. On a mobile device? It’s a little trickier, but you can and should still learn the source of a link from someone you don’t know. Here’s how: How to Check Embedded Links on Your Mobile Device
- Phishing emails often have poor grammar or spelling mistakes. That’s a big clue that it’s a fake.
- Be suspicious of any email or phone calls that demand you take action right away or that threaten you. The IRS and Medicare don’t call or email to threaten you or demand money. Urgency and threats are hallmarks of fraud.
- Avoid filling out forms in email messages that ask for personal financial information. You should only communicate information such as credit card numbers or account information via a secure website or the telephone.
- Always ensure that you’re using a secure website when submitting credit card or other sensitive information via your Web browser. Look for “https” in the URL. See: How Can I Tell If a Website Is Safe? Look For These 5 Signs
- Consider installing a Web browser toolbar to help protect you from known fraudulent websites.
- Regularly log in to your online accounts to ensure that all transactions are legitimate.
- Ensure that your browser is up to date and security patches are applied.
- Always report “phishing” or “spoofed” emails to the following groups: forward the email to email@example.com, and forward the email to the Federal Trade Commission at firstname.lastname@example.org. When forwarding spoofed messages, always include the entire original email with its original header information intact.
- Take extra precaution when traveling. Don’t log in to financial sites when on free, public Wi-Fi.