What is a phishing scam?
Phishing scams are one of the most common methods used by criminals to steal sensitive information. Victims receive an email or text that appears to be from a reliable source, such as a retailer, bank, or credit card issuer. Once that victims click on a link in the message, the fraudster can request personal details or download malware onto their device.
While many people are aware of the risks of opening unsolicited emails, phishing scams remain a serious issue. They are responsible for 90% of all data breaches, with victims still opening 30% of phishing messages.
How do criminals use phishing scams?
Criminals are becoming increasingly sophisticated with phishing scam methods. They can replicate the appearance of official emails and change the name of the sender to look like an email address from a trusted source. All this makes it more likely for a victim to open the email and click on a link within it, which will direct them to a domain that appears legitimate. Here, they may be asked to input sensitive details, like account usernames and passwords. By doing so, they leave themselves vulnerable to further attacks.
The website may also ask for personally identifiable information such as a Social Security Number. These details can be used to commit identity fraud or sold on to other criminals.
Clicking on links or attached files in an unsolicited email can also result in unknowingly downloading malware onto your device. This malicious software runs in the background of your computer, tablet, or smartphone, monitoring your online activity and keystrokes to collect your information.
Phishing scams are not only restricted to emails. Smishing is a form of phishing where victims are targeted with text messages. These operate in the same way as phishing emails, with unsuspecting victims leaving themselves prone to identity fraud by clicking links within an SMS message.
How to reduce the risk of phishing scams
While you can’t always prevent phishing messages from landing in your inbox, you should always exercise caution before opening an email.
Check the full email address of the sender by hovering your mouse over their name. If it appears suspicious, then do not open the message or respond to the sender. Flag the message as junk or spam so that your email provider can filter future messages from the sender, then delete it.
If you have opened an email from an unknown sender, do not click on any links or attachments. These could infect your device with malware and viruses. Do not disclose any sensitive details via unsolicited messages from your bank, credit card issuer, or anyone else, no matter how urgent they may sound. Instead, contact the company directly if you are concerned that there could be an issue.
You can review the legitimacy of websites by looking for ‘https’ in the URL or a padlock icon at the bottom of the browser. If you cannot see these things, then do not input your details into the site.
Ensure the security software on your device is up to date. This will notify you of suspicious communications and attempts to install malware before they do any damage.
What to do if you think you have fallen victim
Report any phishing messages you receive to the Anti-Phishing Working Group (APWG) by forwarding the message to firstname.lastname@example.org. If possible, it’s also helpful to notify the organization that the scammer was posing as. Update any account details that may have become compromised and check your bank and credit card statements regularly for any unauthorized transactions. If you spot anything unfamiliar, immediately report it to the appropriate financial institution.
They will be able to cancel compromised cards, issue you with a new account number, and launch an investigation. Many credit card issuers also have zero liability policies, so you won’t be liable for fraudulent activity on your account.
Frequently review your credit report to check for any unfamiliar activity. You can set up a fraud alert by contacting at least one of the major credit bureaus. This way, you will be immediately notified of any credit applications in your name.
If you have fallen victim to identity fraud via a phishing scam, then you should file a report with the police and the Federal Trade Commission (FTC).