Phishing & Spoofing - Tips to safeguard your personal information
Criminals use phishing schemes to infect your machine with malware and viruses to steal personal and financial information. They attempt to lure users to click on a link or open an attachment that infects their computers, leaving them vulnerable for criminals to exploit. Phishing messages may appear to come from a legitimate financial institution, e-commerce site, government agency, or any other service, business, or individual. Phishing emails may request account numbers, passwords, and Social Security numbers, among other things. When users respond by providing the information or clicking on a link, attackers are able to access their accounts.
A cybercriminal may trick you into believing a spoofing email is from a trusted source by using a familiar email address, website, or phone number. In order to fool you, cybercriminals may alter one letter, symbol, or number in a website name to make it seem more familiar. Because you believe these emails are real, you may be tricked into downloading malicious software, sending money, or divulging personal, financial, or other sensitive information.
How Criminals Lure You In
The following messages are some examples of what attackers may email or text when phishing for sensitive information:
- “We suspect an unauthorized transaction on your account. To ensure that your account is not compromised, please click the link below, and confirm your identity.”
- “During our regular verification of accounts, we couldn’t verify your information. Please click here to update and verify your information.”
- “Our records indicate that your account was overcharged. You must call us within 7 days to receive your refund.”
To see examples of actual phishing emails, and steps to take if you believe you received a phishing email, please visit StopRansomware.gov.
Play hard to get with strangers.
It’s important to play hard to get with strangers when you’re dealing with cybercrime. If you’re not sure who sent you an email, don’t respond or click any links or attachments, even if the information seems accurate. Be cautious of generic salutations such as “Hello Bank Customer” since they are frequently used in phishing attempts. If you have doubts about the legitimacy of an email, contact the business directly.
Think before you act.
Before you act, consider carefully. Avoid acting impulsively on communications that demand that you act immediately. Phishing emails frequently attempt to create a sense of urgency, making the recipient believe that their account or data is at risk. If a suspicious message appears to come from an organisation, verify it by reaching out to their customer service department. If you receive a suspicious message from someone you know, contact them directly on a separate, secure platform.
Protect your personal information.
Be careful about revealing personal data online. If someone has key information about your life—such as your job title, multiple email addresses, full name, and more—they may try to phish you directly. Criminals can also use social engineering with this information to try to manipulate you into ignoring standard security procedures.
Be wary of hyperlinks.
Hover over links to verify authenticity and check the URL before clicking on any links in emails. Ensure that URLs begin with “https.” “Https” indicates encryption is enabled to protect users’ information. Encryption does not by itself prove that a site is legitimate, so check the domain name as well.
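The link check described above can also be automated. The following is an added example, not part of the original page: it flags a link that is not https or whose domain differs by one character from a site you trust. The domain names and the TRUSTED_DOMAINS list are constructed for illustration, and comparing only the last two labels of the host name is a simplifying assumption.

```python
from urllib.parse import urlsplit

# Constructed allow-list for this example; replace with the sites you actually use.
TRUSTED_DOMAINS = ("examplebank.com", "example.gov")

def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete from a
                           cur[j - 1] + 1,              # insert into a
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]

def check_link(url, trusted=TRUSTED_DOMAINS, max_edits=1):
    """Return a list of warnings for a link; an empty list means nothing was flagged."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower().rstrip(".")
    warnings = []
    if parts.scheme != "https":
        warnings.append("not https")
    if not host:
        return warnings + ["no host name"]
    # A trusted domain itself, or a subdomain of it, is accepted.
    if any(host == d or host.endswith("." + d) for d in trusted):
        return warnings
    # Assumption: the last two labels identify the site (not true for
    # suffixes such as .co.uk, which need a public-suffix list).
    site = ".".join(host.split(".")[-2:])
    for d in trusted:
        if edit_distance(site, d) <= max_edits:
            warnings.append(f"looks like {d}")
            break
    else:
        warnings.append("unknown domain")
    return warnings

if __name__ == "__main__":
    for link in ("https://www.examplebank.com/login",
                 "https://examp1ebank.com/login",
                 "http://examplebank.com/"):
        print(link, "->", check_link(link) or "ok")
```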
Double your login protection.
You should use multi-factor authentication (MFA) or two-factor authentication (2FA) to ensure that only you have access to your account. Use MFA or 2FA with any services that require logging in, including email, banking, social media, and more. Use a secure token, such as an authenticator app or a physical token that you can attach to your key ring, if MFA is an option.
Shake up your password protocol.
We recommend that passwords or passphrases be as long as possible. You can safeguard your accounts by using password managers to generate and store unique, difficult passwords for each of them. By altering your standard password, you can protect yourself if a breach occurs.
Install and update anti-virus software.
Make sure all of your computers, Internet of Things devices, phones, and tablets are equipped with regularly updated antivirus software, firewalls, email filters, and anti-spyware.