Why should I be concerned about phishing?
- Being phished might not sound like a big deal, but it leads to all sorts of issues, such as identity theft and credit score penalties. It is also closely tied to a practice called “credential stuffing,” in which your stolen username and password are used to log in to other sites not related to the original phishing site.
- If a common username and password are used for banking, email, and streaming services, then all those services are now at risk of unauthorized access and charges, potentially resulting in the account being locked or cancelled.
- Information related to a stolen account is also extremely valuable. For instance, if your Google account is stolen and you have password synchronization enabled, then the phisher now has access to all those stored usernames and passwords. A simple stolen Gmail account could now expose the logins you use at your employer.
How can I protect myself against phishing?
- Think before you click the URL
- Look for suspicious indicators of fraud before clicking
  - Does the URL have suspicious keywords?
  - Does the text of the message contain spelling errors or wording not expected from the sender?
  - Did you expect to receive this suspicious email? It doesn’t make sense to click a link in a package delivery email unless you are expecting a package.
- Use your instincts
  - Does the text in the email/SMS/voice message appear to be too good to be true?
  - Can you verify the authenticity of the email by going to the site directly, rather than clicking on the link in the email? If the email says there is a package waiting for you from UPS, can you go to the UPS website directly and verify the package?
How do I check if a site is legit or fraudulent?
- Verify the URL is what you expect. If you receive a suspicious email about a payment, does the link take you to the payment website or to some other site? Hover your mouse over the link to see where it goes; you don’t have to click it.
- Check if the URL is secure. The “S” in HTTPS stands for secure, so don’t enter private information on sites that are HTTP.
How do I report fraud?
- Submit your URL to phishing.com: https://www.phishing.com/
- Forward your email (as an attachment) to email@example.com
Where else can I find fraud-related information?
- APWG: https://apwg.org/
- FBI/NSA: https://www.usa.gov/stop-scams-frauds