Protecting Yourself Against Email Phishing
I will be the first person to tell you to never click a link in an email from a bank or what you think is a legitimate link to any online account you may have, whether it be iTunes, Netflix, Amazon, Fed Ex, PayPal, USPS… the list is endless and those sending out phishing emails exploit many of these accounts and more.
Even though I know better, it happened to me when I had my guard down. More about that in a moment and how you can protect your online accounts and identity, but first – what exactly is Phishing?
Phishing is a malicious attempt to steal your personal information about an online account you have with a reputable company by sending you a fake email that links to a fake login of that company. It’s pronounced like ‘fishing’ and just like when commercial fisherman case a wide net to catch fish, scammers and hackers send out millions of emails in hopes to catch easy prey who unwittingly click on the links in those emails.
First of all, most online services will never send you a link asking you to sign into your account for any reason. If they do, I’ll explain why you should still not click it and how to access your account safety to see if the email actually came from a legitimate company. In most cases, these malicious emails contain alarming news about your account being compromised or hacked.
We’ve all seem these emails. They come from hackers and scammers that state “Your Account Has Been Locked” or the message I recently received from Netflix:
“Thanks for choosing Netflix membership! due latest security issues we need you to upgrade your account details in order to continue your membership.” Notice how there was even a grammatical error in the message, but yes – I still clicked it. I knew full well that if our account had needed changing or was compromised, Netflix is one of those companies that would have emailed a notice and then instructed her to go to their website via usual methods (such as Googling Netflix or using a trusted bookmark you made in your browser). They won’t put the link in the email.
Well, here’s how it happened to me and why people click on malicious links in emails when they know better.
In my case, I had just made changes to the WiFi password in our home and this of course would effect Netflix’s ability to connect via the devices that were set up to watch Netflix on. Even though I know about phishing and to be careful when receiving these emails, my wife had just mentioned to me that she was unable to connect to Netflix and at the same time the fake Netflix email arrived in my inbox. I was annoyed that Netflix may not be working so I clicked the link. Fortunately, I realized immediately what I’d done so I closed my browser before any harm was done. Upon further investigation, I noticed that the link actually was going to a different website than Netflix, but in that moment of frustration it made sense in my mind to be receiving an email from Netflix.
cyberthieves count on catching people off guard. For example, if you don’t have a Chase bank account, then chances are you won’t pay much attention to the email. You know it’s probably fraudulent. But if I do have an account related to the email, it makes sense to be receiving an email about a problem with your account. Especially when you’ve recently logged in your this account and made changes.
For example, imagine that you just shipped a package via FedEx, and later that day a FedEx email comes in stating that your package can’t be shipped. You immediately get stressed… “What?” If you’re not thinking, you will click the link to see what the problem is. It’s a ‘game of chance’ as hackers send out millions of these emails. They know they will trick some people because by coincidence alone these same people will not only have an account related to the email, some of them will have recently made changes to their account, or shipped a package with UPS, or applied for a loan at a bank.
Phishing, also known as Spoofing, is very common. If you click the link in a plishing email and you attempt to log into your account, thieves gain access to your user name and password. Once inside the account, they have access to all of your personal information.
Beware of Viruses coming as Email Attachments…
Protecting yourself against phishing is as easy as never clicking a link to an online account from within the email. Always go to your account home page or bookmark. Computer infections caused by viruses in email attachments however, are a different story. This is why Anti-Virus software is important to stop spyware, Trojan horses, adware and computer worms. But there are new email virus schemes that employ the same methods as phishing. You may have see them. These emails contain attachments in the form of a seemingly innocent Word doc or a zip file. The email may say, “Your loan has been approved!” Or “Attached is Your Out Standing Invoice”. If you happened to have just applied for a loan or are curious about if you owe money, you will be more likely to open the attachment.
While phishing emails gain access a single account to access your personal information, viruses via email will activate malware that infects your entire computer. In both cases, your personal information is compromised.
If you have accidentally given access to one of your online accounts for any reason or are not sure, log in and change your password as soon as possible.
If you think your computer has been infected by a virus, read more about how to scan and remove malware – as well as protect yourself from attacks.
What Can You Do to Help Stop Hackers Who Send Phishing email?
Virtually every online account service you use will have security departments that investigate phishing. As such, many have email addresses that you can forward these bad emails to for further investigation. When you get a suspicious email, simply Google the company name with the word phishing (i.e. ‘Report PayPal Phishing’ or ‘Report Chase Phishing’) and you will find information about where to send phishing emails and perhaps help these companies catch the cyberthieves.