• Skip to main content
  • Skip to primary sidebar
Scambusters
menu icon
go to homepage
search icon
Homepage link
  • Get Our Weekly Scambusters Newsletter
  • Advice
  • Avoiding Scams
  • Scammer Techniques
  • Identity Theft
  • Consumer Help
  • Phishing
  • Bank
  • Phone
  • Urban Legends
×

Use These Key Tips To Escape Phishing Attacks

phishing

What you can do about the alarming rise in phishing: Internet Scambusters #984

Phishing -- trying to steal victims' confidential information -- is by far the biggest source of identity theft scams. And it's getting worse day by day.

Research shows that despite all the warnings, consumers and employees continue to click on malicious email and text links that expose them to danger.

In this week's issue, we'll tell you the best ways to avoid phishing scams and how to monitor for other leaks of your private information.

Let's get started…


Use These Key Tips To Escape Phishing Attacks


Until a few years ago, most of us knew about "fishing," but not "phishing" -- tricking people into revealing their sign-ons and passwords for identity theft.

Today, Americans lose tens of millions of dollars each year through phishing scams. Now, cyber experts report an alarming rise in the crime that threatens us all. An estimated 80 percent of reported security incidents last year were phishing attacks.

The FBI reports that the number of attacks increased eleven-fold between 2016 and 2020. And, according to Google, the number of fake websites used to harvest personal information jumped from 1.7 million in 2020 to 2 million this year.

Furthermore, scammers are using increasingly sophisticated tactics to try to fool us. For example, they're using artificial intelligence to eliminate the poor spelling and grammar that usually signals a scam and to target victims by including personalized information that suggests a message is genuine.

And they're increasingly trying to get around two-stage security (known as multi-factor authentication or MFA) where a user first must give a password and then key in a second code to confirm who they are.

More Scam Reports:  Copyright: What To Do If Someone Steals Your Creative Content

They're also using a technique called "layering," which starts with a link to a genuine website or document but eventually leads to the downloading of a file for which they're asked to enter their sign-on details on a fake site.

5 Important Tips

Here are 5 important things you should know if you don't want to fall victim to these crooks:

  1. If you use MFA, never provide the security code to someone else on the phone. That goes for even if you receive a call or email claiming the sender is running a security check.

However, some organizations might ask you to key a number into your phone that they have flashed up on screen. Make sure you're 100 percent certain you're connected to the right account before doing this.

Note: MFA does add another layer of security and you should still use it to sign on to important accounts.

  1. Don't click on links that supposedly take you to a sign-on page. If you receive a message asking you to log on -- for example, you're told there's something wrong with your account -- go to the home page of the organization using the correct website address and check from there.

This year, there's been a notable rise in phishing emails pretending to be from cyber-currency traders. For instance, one of the biggest trade houses, Coinbase, says some of its customers who got fake emails that looked like the genuine item signed on to a fraudulent page. With these details, the scammers immediately logged onto user accounts and drained their currency holdings.

  1. Keep Internet security apps up to date on your PC and mobile device. Make time to investigate security options on browsers and email programs and use settings to flag up dangerous sites or messages.
  2. Don't be fooled by messages that include personal information about you. This has almost certainly been harvested by "scraping" -- the tactic of crawling through social media posts to pick up bits of usable material such as info about your job, your friends, and so on.
  3. Plus, you should still look out for those basic spelling and grammar errors in emails. Many scammers are still using them.
More Scam Reports:  How Artificial Intelligence Is Turbocharging Frauds and Scams

To report identity theft, contact the Federal Trade Commission -- ftc.gov or call 1-877-438-4338.

Targeting Employees

But even if you take all the necessary security measures, you still can't be safe if someone else -- a store you do business with, for example -- is hacked in a phishing attack targeting employees.

Researchers at cyber protection company Proofpoint discovered that, globally, three quarters of all organizations suffered a phishing attack in 2020. Another study (Terranova) found that 20 percent of all employees who received phishing emails were likely to click on them. And two-thirds of these would enter their credentials on a fraudulent page.

The crooks then log onto the corporate network to steal information including, maybe, yours.

The key measures for individuals to protect against this danger or limit the damage caused is to use different passwords for each and every site you use and to change those passwords frequently. Also look out for news of firms whose information has been accessed via phishing. If you do business with them, change your sign-on details immediately.

It's easiest to do this with a password manager. See our earlier issue on this topic: Your Choices When a Free Password Manager Starts Charging.

In addition, check your online mortgage, bank, and store accounts and credit score/report regularly. Many banks and other services (e.g., Credit Karma) already offer check-ups from the big three reporting agencies -- Experian, TransUnion, and Equifax -- but you can also get it for free from AnnualCreditReport.com.

Finally, of course, if you are a network-linked employee, don't take chances by opening attachments or clicking on incoming email links. Chances are high that, sooner or later, you absolutely will be a phishing target, so be vigilant!

More Scam Reports:  Save Yourself From These 20 Small Business and Freelancer Scams

Alert of the Week

Who wouldn't want a free set of high-end EarPods? Well, you won't get them through a supposed Amazon raffle that's doing the rounds.

Targets receive a text message seeming to come from the online retailing giant saying they won the EarPods, another gadget or even a "mystery prize."

Sadly, this is just another phishing attempt. Victims who click on the link in the message are taken to a fake Amazon page to provide their sign-on information.

As we always warn, you can't win a raffle you didn't enter. Even messages that say "you've been selected" for some sort of promotion should be treated with great caution.

Time to close today, but we'll be back next week with another issue. See you then!

« Don't Fall for the Money-Saving Lure of Cracked Software
Fake Websites Trick Travelers Into Airport Security Pass Scam »

Primary Sidebar

Search For Scam Info

Popular

  • Disaster Scams
    Disaster Scams: What You Need to Know and How to Stay Safe
  • teenager safety online
    Protect Your Teenager from Being Targeted Online
  • real estate scams
    Buyer Beware: Real Estate Scams and How To Avoid Them
  • public assistance
    Public Assistance Scams: How to Protect Your Benefits

Footer

↑ back to top

About

  • Privacy Policy
  • Terms & Conditions

Newsletter

  • Sign Up! for emails and updates

Contact

  • Contact

Copyright © 2024 Scambusters.org and Breakthrough Consulting, Inc.