How to spot and report phishing messages!
The Federal Trade Commission’s definition of phishing is “when a scammer uses fraudulent emails or texts, or copycat websites, to get you to share valuable personal information.” When a user falls for a phishing message, the malicious actor achieves their purpose of getting the victim to hand over sensitive information such as login names and passwords.
Though we count on technologies and controls to minimize threats, phishing exploits users through social engineering, which allows the malicious actors to side step these protections. This is why it is important that everyone learn to spot these fraudulent messages.
Telltale sign the email is a phishing scam:
- A sender address that does not match the sender name
- Odd or bad grammar; these email will often contain spelling errors.
- A signature that is overly generic
- Mouse over links in email to reveal their true URL.
- Do not open unexpected attachments: They are a cybercriminal’s #1 choice for spreading malicious software.
- Trust your instincts: Does that email feel ‘off’ in some way? It probably is.
- Is it urgent? Slow down. An “IMPORTANT MESSAGE” may be a phishing attempt. Cybercriminals want you to do what you’re told when you’re told. Think before you click.