You’re sitting at your desk, scrolling through your inbox and catching up on emails, when you come across an email from a service provider that reads, “Urgent! Your account has been compromised, please log in to your account.” You click on the link and, without thinking, enter your username and password. Or perhaps the email gives you a number to call. You call, and the customer service rep says they need to log into your computer and “check some things out.” You follow their instructions and allow them to do their thing. A few hours or days later, you discover that you’ve fallen victim to a scam. Maybe they have found their way into your bank account, or perhaps they’ve logged in to an account and spent thousands of dollars. These scams are known as phishing scams, and they are very common. Below are 6 tips to help you make sure that you do not fall victim to these kinds of scams.
- Protect your computer with security software
Good security software that protects both your browser and your email can often catch a lot of scams and threats. Of course, you want an antivirus that has a good reputation, and you might want to think about paying for a good one instead of using many of the free versions that are out there. You will also want to keep the antivirus’s definitions up to date. These definitions help the software identify threats, and new threats are discovered every day.
- Stay informed about current phishing techniques
Hackers and scammers are evolving and finding new ways to rip you off every day. Stay informed by occasionally brushing up on current phishing techniques through online blogs from trusted sources.
- Verify the site’s URL and security
The first thing you should do when clicking on a link is verify the site’s URL. For instance, Netflix’s domain is netflix.com. Apple’s domain is apple.com. If the site has some other domain name, it’s likely a scam. Another thing to look for is the “green bar” SSL lock. At the beginning of the URL in the address bar, you will see a lock icon indicating that the site is secure.
- Verify that the email address is valid
Before you click, look at the sender’s address. A lot of scammers use emails from free email account providers. Just like with the domain name, companies will send email from an official company address. (For instance, an email from Netflix will come from an address that ends with @netflix.com.) Most phishing emails can be avoided by just looking at the email address.
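The URL and sender checks from the two tips above, written out as a short Python sketch. This is an added example, not part of the original article: the function names and the sample links and addresses are constructed for illustration, and requiring `https` is an assumption standing in for the lock icon.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit


def _belongs_to(host, expected_domain):
    """True if host is expected_domain itself or a subdomain of it."""
    host = (host or "").lower().rstrip(".")
    expected = expected_domain.lower().rstrip(".")
    # Require a label boundary so "notnetflix.com" and
    # "netflix.com.something.example" do not pass as "netflix.com".
    return bool(host) and (host == expected or host.endswith("." + expected))


def link_matches(url, expected_domain):
    """Check the host a browser would actually contact for this link."""
    try:
        parts = urlsplit(url.strip())
        # .hostname drops any "user@" prefix and the port, so
        # "https://netflix.com@login.example/" yields "login.example".
        host = parts.hostname
    except ValueError:  # malformed URL
        return False
    return parts.scheme == "https" and _belongs_to(host, expected_domain)


def sender_matches(from_header, expected_domain):
    """Check the address in a From header, ignoring the display name."""
    _display_name, address = parseaddr(from_header)
    _local, at, domain = address.rpartition("@")
    return bool(at) and _belongs_to(domain, expected_domain)


if __name__ == "__main__":
    # Constructed samples, not taken from real messages.
    links = [
        "https://www.netflix.com/login",
        "https://netflix.com.account-verify.example/login",
        "https://netflix.com@login.example/",
        "http://netflix.com/",
    ]
    senders = [
        "Netflix <info@account.netflix.com>",
        "Netflix Support <netflix.billing@freemail.example>",
        '"support@netflix.com" <alerts@mail.example>',
    ]
    for link in links:
        print(link_matches(link, "netflix.com"), link)
    for sender in senders:
        print(sender_matches(sender, "netflix.com"), sender)
```

A sender address that passes this check has only cleared the obvious mismatch the tip describes, since the From line of an email can itself be forged.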
- Use Multi-Factor or Two-Factor Authentication
MFA or 2FA uses trusted devices, emails or phone numbers to verify your identity. Most accounts have adopted these measures due to the rise of phishing. You can use an authenticator app like Google Authenticator, or you can verify by using your phone number to receive a text or phone call, and in some cases you can use an alternate email address.
- Never give out your personal information
Probably the most important piece of advice is to never give out your personal information, especially in response to an email. Companies will rarely, if ever, ask for personal information like usernames and passwords. If you do get an urgent email from a company, the best practice is to go to that company’s website or app directly and log in instead of clicking on the link.
Of course, this is not an exhaustive list, but by implementing these 6 practices you will certainly be a little safer from the most common phishing scams.