Protecting Yourself Against Email Phishing
I will be the first person to tell you to never click a link in an email from a bank or what you think is a legitimate link to any online account you may have. Whether it be Netflix, Amazon, FedEx, PayPal, Capital One or Spotify, the list of companies used by scam artists is endless.
Those sending out phishing emails use trust in these companies to fool us when we least expect it. This is how I came to click on one of those links, even though I know better. It happened to me when I had my guard down. More about that in a moment and how you can protect your online accounts and identity.
My story in a moment, but first let’s define exactly what I am talking about.
What is Phishing?
Phishing is a malicious attempt to steal your personal information and gain access to an online account you have with a reputable company. The scammer will send you a fake email that links to a fake login page for that company.
The word phishing is pronounced like ‘fishing’, and just as a commercial fisherman casts a wide net to catch fish, scammers and hackers send out millions of emails in hopes of catching easy prey who unwittingly click on the links in those emails.
First of all, most online services will never send you a link asking you to sign into your account for any reason. If they do, I’ll explain why you should still not click it and how to access your account safely to see if the email actually came from a legitimate company. In most cases, these malicious emails contain alarming news about your account being compromised, hacked or suspended.
We’ve all seen these emails. They come from hackers and scammers that state “Your Account Has Been Locked” or the message I recently received from Netflix:
“Thanks for choosing Netflix membership! due latest security issues we need you to upgrade your account details in order to continue your membership.”
Notice how there was even a grammatical error in the message, but yes – I still clicked it. I knew full well that if our account had needed changing or was compromised, Netflix is one of those companies that would have emailed a notice and then instructed me to go to their website via usual methods (such as Googling Netflix or using a trusted bookmark you made in your browser). They won’t put the link in the email.
I Knew Better, but Still Clicked a Phishing Link
In my case, I had just made changes to the WiFi password in our home and this of course would affect Netflix’s ability to connect via the devices that were previously set up using the old password. Even though I know about phishing and to be careful when receiving these emails, my wife had just mentioned to me that she was unable to connect to Netflix.
At the same time the fake Netflix email arrived in my inbox. I was annoyed that Netflix may not be working so I clicked the link. Fortunately, I realized immediately what I’d done so I closed my browser before any harm was done.
Upon further investigation, I noticed that the link actually was going to a different website than Netflix, but in that moment of frustration it made sense in my mind to be receiving an email from Netflix.
Cyberthieves count on catching people off guard. For example, if you don’t have a Chase bank account, then chances are you won’t pay much attention to the email. You know it’s probably fraudulent. But if you do have an account related to the email, it makes sense to be receiving an email about a problem with your account, especially when you’ve recently logged in to this account and made changes.
For example, imagine that you just shipped a package via FedEx, and later that day a FedEx email comes in stating that your package can’t be shipped. You immediately get stressed… “What?” If you’re not thinking, you will click the link to see what the problem is.
It’s a ‘game of chance’ as hackers send out millions of these emails. They know they will trick some people because by coincidence alone these same people will not only have an account related to the email, some of them will have recently made changes to their account, or shipped a package with UPS, or applied for a loan at a bank.
If there is a legitimate problem with your online account, there will be a notice posted about it after you log in. If all is normal, then you know the email you received is a scam.
Phishing, also known as Spoofing, is very common. If you click the link in a phishing email and you attempt to log into your account, thieves gain access to your user name and password. Once inside the account, they have access to all of your personal information.
Beware of Viruses Coming as Email Attachments
Protecting yourself against phishing is as easy as never clicking a link to an online account from within the email. Always go to your account by typing the website URL directly into a browser, or use the bookmark you’ve set up. Computer infections caused by viruses in email attachments, however, are a different story. This is why Anti-Virus software is important to stop spyware, Trojan horses, adware and computer worms. But there are new email virus schemes that employ the same methods as phishing.
You may have seen them. These emails contain attachments in the form of a seemingly innocent Word doc or a zip file. The email may say, “Your loan has been approved!” Or “Attached is Your Out Standing Invoice”. If you happened to have just applied for a loan or are curious about whether you owe money, you will be more likely to open the attachment.
While phishing emails gain access to a single account to reach your personal information, viruses via email will activate malware that infects your entire computer. In both cases, your personal information is compromised.
If you have accidentally given access to one of your online accounts for any reason or are not sure, log in and change your password as soon as possible.
If you think your computer has been infected by a virus, read more about how to scan and remove malware – as well as protect yourself from attacks.
What Can You Do to Help Stop Hackers Who Send Phishing Emails?
Virtually every online account service you use will have security departments that investigate phishing. As such, many have email addresses that you can forward these bad emails to for further investigation. When you get a suspicious email, simply Google the company name with the word phishing (e.g. ‘Report PayPal Phishing’ or ‘Report Chase Phishing’) and you will often find information about where to send phishing emails and perhaps help these companies catch the cyberthieves.
If you land on a URL that appears to be impersonating a legitimate website in order to steal personal account information, you can report the phishing website to the Google Safe Browsing team.