by Bobby Garrett, IT Director
Gray, Gray & Gray, LLP
A growing issue beleaguering the technology world is “phishing,” a tactic used by cybercriminals as they attempt to obtain financial data and other confidential information from unsuspecting individuals. Phishing uses “spoofed” emails, fake websites and deceptive phone calls to lure people to voluntarily hand over sensitive information. The ultimate goal is to steal money from the victim.
There are a number of indicators that an email or phone call may be a phishing attempt. Be alert for the following warning signs that could help you identify phishing tactics.
- Requests for money – Phishing emails sometimes make pleas for individuals to wire money, often to other countries. Crooked phishers may concoct heartfelt stories to gain sympathy or create panic, such as reporting that a child or relative is in trouble and needs cash immediately. Don’t do it!
- Offers that are too good to be true – Phishing emails often contain offers that are very tempting, but hard to believe. Remember the old adage: “If something seems too good to be true, it probably is.” If you did not apply or ask for something but suddenly you are contacted as the “winner” of an incredible prize or offer, it’s highly unlikely that the information you’re receiving is valid.
- An impersonal or generic greeting – Phishing emails frequently start with impersonal greetings, such as “Dear valued customer,” rather than using your name. Legitimate businesses often personalize their communications by using their customers’ names in the salutations.
- Information sent to multiple receivers – If you receive an email with a sensitive document, such as a bank statement, that is sent to more than one individual, this is a warning sign that the email you’ve opened is a phishing scam. Do not open the attachment!
- Poor grasp of the English language – Many phishing emails are automated or originate outside of the U.S., and often feature poor grammar, spelling errors and improper sentence structure. If the message is awkwardly worded, that is a sign that it is a phishing attempt.
- Domain/sender inconsistency – Phishing emails often appear with mismatched information, such as a display name that does not match the address the email is actually coming from. For example, you might receive an email that claims to be from “Bank of America,” but the email address is not from Bank of America. Caution: In some cases the phisher creates an email account that is very close to the legitimate one, perhaps just one or two letters off, which can make it appear real if read quickly.
- Email signatures – Many phishing emails contain signatures that have simply been copied and pasted from websites, or the titles listed aren’t the correct titles for the “senders” of the emails. If you notice that the name or title doesn’t make sense, or if there is a nickname in quotes or parentheses, this could be another indication that it’s not a trustworthy email.
- Asking for information verification – Banks and the IRS will never request your personal information or ask you to verify sensitive information through email. If you receive an email asking for such information, contact your bank by calling the number on the back of your bank card or the number provided in your statement. Do not respond to the email or open any link provided in the email.
- Dire threats – Cybercriminals will often use forceful messages that claim individuals are late on bill payments, or owe back taxes and will be arrested if they do not pay immediately. Most states have laws prohibiting professional debt collectors from using email to obtain payment from anyone, and the IRS will not make such demands via email or phone.
- Unusual links – Many phishing emails contain links that could lead to the spreading of malicious software on your computer. If you have any doubts at all about a link in an email, do not click on it. Delete the email, and then take the extra step of deleting it from your deleted emails list. Never forward these emails to anyone.
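For readers who administer a mail system, the “Domain/sender inconsistency” warning sign above can be checked automatically. The Python below is an added example, not part of the original article; the brand-to-domain table, the function names and the sample headers are constructed assumptions.

```python
import re
from email.utils import parseaddr

# Constructed table: brand name -> domains that brand really sends from (assumption).
KNOWN_BRANDS = {
    "bank of america": {"bankofamerica.com"},
    "irs": {"irs.gov"},
}

def edit_distance(a, b):
    """Levenshtein distance: number of single-letter edits turning a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(from_header):
    """Return a list of warnings for one From: header value."""
    display, addr = parseaddr(from_header)
    display, domain = display.lower(), addr.rpartition("@")[2].lower()
    warnings = []
    for brand, legit in KNOWN_BRANDS.items():
        if any(domain == d or domain.endswith("." + d) for d in legit):
            continue  # the message really is from this brand's domain
        # Whole-word match so that "irs" does not fire on a name like "First".
        if re.search(r"\b" + re.escape(brand) + r"\b", display):
            warnings.append(f"display name claims '{brand}' but domain is '{domain}'")
        # "Just one or two letters off": a near miss of a legitimate domain.
        near = [d for d in legit if 0 < edit_distance(domain, d) <= 2]
        if near:
            warnings.append(f"domain '{domain}' is within two letters of '{near[0]}'")
    return warnings

if __name__ == "__main__":
    samples = [  # constructed From: headers
        '"Bank of America" <alerts@bankofamerica.com>',
        '"Bank of America" <security@bankofamerrica.com>',
        'Bank of America Support <notice@mail-secure.example>',
        'Jane <jane@bankofarnerica.com>',
    ]
    for header in samples:
        print(header, "->", check_sender(header) or "no warnings")
```

A clean result only means these two checks found nothing; the other warning signs in the list still apply.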
Phishing scams can come in a variety of forms, and it’s important for individuals to be careful about the information they give out. Always verify the sources who contact you, and treat all unsolicited phone calls and emails with skepticism. It’s better to be safe than to become a victim of phishing.