October is Cybersecurity Awareness Month, and it is a great time to learn more about essential elements of protecting computers and mobile devices – such as smartphones and tablets – from attacks and unauthorized access. One method scammers use in an attempt to pry personal identifying information out of unsuspecting consumers is called “phishing.”
Phishing occurs when a scam artist sends an email pretending to be a trusted organization. For example, a scammer might pretend to be your bank, even using the bank’s logo. Scammers often create imposter websites to trick you into revealing personal information to untrusted sources. According to
published reports, 43% of cyberattacks last year came through phishing or pretexting, which occurs when a con artist invents a fake scenario in order to gain access to your personal information.
When reading emails, text messages and other communications, be sure to look for these red flags:
- Suspicious email addresses: Always review the address your email is coming from. If it is off by just a single letter, it’s a sign that a phishing scam is in action. Also, hovering your cursor over the supposed email address may reveal a different source. You should scrutinize every email before clicking on any links or taking any requested action.
- Generic greetings: Phishing attempts often begin through a mass email to thousands or millions of recipients. If there is no greeting or if the greeting is generic (“Dear Accountholder”), if it uses only your email address or differs from past communications with the same sender, be skeptical.
- Spelling and grammar: Phishing messages often contain grammatical errors or spelling mistakes. Many phishing attempts originate in foreign countries, so be sure to watch for awkward language or verbiage that appears out of character for the source the information is supposedly coming from.
- Deceptive web addresses: Know that links in an email or on a website or document may show text that is different from the link’s true destination. Try hovering your curser over the text or link without actually clicking on it: You will likely see the URL (web address) of the actual destination that you would be sent to. (Sometimes this appears at the bottom left of your browser window.) Also, remember that the web address you are asked to click on may be similar to a legitimate company, organization or government agency, but not exact. It is important to look for subtle differences, such as an extra dot or a missing letter.
- Expressions of urgency: Is the sender trying to use language to get an emotional response from you? The goal of some phishing scams is to get you to act quickly based on emotions such as fear or excitement. If the letter or notice is too good to be true, be especially careful. For example, did you win a contest you never heard of or entered in? Gain an inheritance from a distant relative you never met? Get an unexpected refund or credit? Be a skeptic!
- Unexpected or suspicious attachments: Treat all attachments with caution. Did the sender provide an attachment you didn’t request? Does the sender typically send you attachments or is it out of character? Is the attachment’s file name or file type unusual? If you have any hesitation, verify with the sender before opening or clicking anything.
- Requests for account details or other sensitive information: Many phishing scams begin with an email supposedly from a well-known bank or other organization where you might have an account. These days, such institutions are not likely to ask for account information in an email. Responding could bring you to a fake website’s login page in hopes of stealing your login credentials and other personal information.
Experts are also warning consumers about scammers who use QR codes to disguise harmful links to fraudulent websites, hoping to convince consumers to scan the code that, in reality, leads to downloading malicious software. If you ever scan QR codes using your device, read the
Better Business Bureau’s scam alert and be aware that some scammers are directing consumers to phishing websites using QR codes.
If you suspect a scam or an unfair business practice, contact the Ohio Attorney General’s Office at
www.OhioProtects.org or 800-282-0515.