Spotting & Avoiding Email Phishing Scam Attacks

Put simply, a phishing scam is an attempt by a scammer to trick a victim into divulging sensitive information. While these scams seem simple and easy to thwart, they are actually the top cause of information security breaches and identity theft crimes. Due to the nefarious nature of these attacks, even normally cautious individuals can fall prey to phishing attempts.

How Does Phishing Work?

The most popular vector for phishing attacks is email. An attacker will send out an email that claims that sensitive information has been compromised. They may ask the victim to respond to the email with their account information, or they may provide the victim with a link to an official-looking phishing hook. If the individual responds to the email or logs into the site provided, they have been successfully “phished.”

How to Spot a Phishing Scam

As Internet security awareness has increased, phishing scams have gotten more and more complex. Often, it can be nearly impossible to tell the difference between a scam email and a valid email from a bank or other official company at first glance. To add to the confusion, phishing emails often appear to be sent from real organizations, and they include real company logos and website links.

Not only do these fraudulent emails often appear official, they also urge the victim to take immediate action. The attackers make the victim believe they must react immediately in hopes that the victim will divulge sensitive information before they become suspicious.

It can be hard to tell a phishing email from a valid one at first glance, but there are several red flags that can reveal a scam.

Phishing email red flags:

  • Minor typos in a company name or logo
  • Minor spelling changes in a well-known website address
  • Emails from businesses you typically do not do business with
  • Emails that claim account information has been compromised
  • Emails that claim immediate action needs to be taken with dire consequences
  • Emails that ask for a user name, password, account number or social security number
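
Several of these red flags can be checked automatically. The following Python sketch is an added example, not part of the original article: it flags sender or link domains that are one or two characters away from a domain you trust, plus urgency and credential-request wording. KNOWN_DOMAINS, the keyword patterns and the sample message are constructed assumptions, and the check covers only near-miss spellings, not every way a web address can be disguised.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: domains the reader really does business with (constructed names).
KNOWN_DOMAINS = {"examplebank.com", "example-shop.com"}
URL = re.compile(r"https?://[^\s\"'<>]+")
URGENCY = re.compile(r"\b(immediately|urgent|suspended|compromised)\b", re.I)
CREDENTIALS = re.compile(r"\b(password|user ?name|account number|social security)\b", re.I)

def edit_distance(a, b):
    """Levenshtein distance: number of single-character edits turning a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(host):
    """Return the known domain that host misspells by 1-2 characters, else None."""
    host = re.sub(r"^www\.", "", host.lower())
    if host in KNOWN_DOMAINS:
        return None
    return next((k for k in sorted(KNOWN_DOMAINS) if edit_distance(host, k) <= 2), None)

def red_flags(raw_email):
    """Check sender and link domains plus wording against the red-flag list."""
    msg = message_from_string(raw_email)
    body = msg.get_payload()
    text = f"{msg.get('Subject', '')}\n{body}"
    hosts = {parseaddr(msg.get("From", ""))[1].rpartition("@")[2]}
    hosts |= {urlparse(u).hostname or "" for u in URL.findall(body)}
    return {
        "lookalike_domains": sorted({k for k in map(lookalike_of, hosts) if k}),
        "urgent_or_compromised": bool(URGENCY.search(text)),
        "asks_for_credentials": bool(CREDENTIALS.search(text)),
    }

# Constructed sample message: digit "1" replaces the letter "l" in the bank's domain.
SAMPLE = """\
From: Example Bank <security@examp1ebank.com>
Subject: Your account has been compromised

Act immediately or your account will be suspended.
Confirm your password at http://www.examp1ebank.com/login
"""
```

Calling red_flags(SAMPLE) reports examplebank.com as the imitated domain and sets both wording flags; a message from the genuine domain with neutral wording returns no flags.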

How to Defend Against Phishing Scams

The best way to avoid phishing scams is to simply avoid clicking on links sent through email, and always verify the identity of financial institutions before divulging any sensitive information. For example, when receiving an email that comes from a bank, do not click any links in the email to log into the banking website. Instead, type the web address of the bank into the web browser manually. This simple action will thwart the vast majority of phishing attempts.

Additionally, if an email seems suspicious, call the company in question directly at their official phone number to inquire about your account. Do not use any phone numbers included in a suspicious email, and do not click on any of the contents of the email either.

Other solid anti-phishing practices include:

  • Reporting suspicious emails immediately
  • Keeping your browser and operating system updated and patched
  • Checking bank and credit card statements regularly for fraudulent or unrecognized charges
  • Utilizing security tools such as antivirus software and official browser security toolbars
  • Never divulging sensitive information over chat or email

What to Do If You Have Been Phished

If you believe you have divulged sensitive financial or account information to a scammer, contact your financial institution immediately. If you have divulged account information for a website, such as, contact the site immediately. Once you have notified the company in question that your information has been compromised, they can freeze accounts and reset your passwords to mitigate the damage done by the scammer.

Acting quickly is the key to reducing the amount of damage done by a phishing attack. Even if it turns out to be a false alarm, it is always better to err on the side of caution. Resources including and contain comprehensive resources that can guide you through recovering from a phishing attack.