Phishing attacks are no longer limited to email messages. It is true that they most often still are sent either as part of a spam campaign or from spear-phishing, but they can also arrive via text/SMS (smishing), the phone (vishing), social media, or even merely from a visitor mistyping an address in the browser. It’s even been known to happen if a phone number is misdialed, from a rogue USB drive, or from apps that have been installed on mobile devices.
There are ways to avoid this and most of them are easy and only rely on some common sense.
If the offer or statement sounds too good to be true, it probably is and therefore should be ignored. If a claim is made that all you have to do is provide your social security number to get a million dollars, it is probably phishing. You won’t likely get money, but you might get your identity stolen.
If you received a post or private message on social media that a friend is in trouble and needs your help, verify it first. If you had no idea said friend was heading out on an exotic vacation, the post or message could be (or even most likely is) a scam. A quick phone call, text, or email message to your friend can quickly make sense of such a post. Don’t reply to the message or even post back to them in social media. Instead, let him or her know this happened, let the social media platform know, and ask your friend to warn others that it’s a scam.
Pay attention to the senders, but don’t blindly believe that whomever sent you the text or message is who he or she says. It’s easy to spoof (impersonate) email addresses and even phone numbers these days. If you aren’t expecting to receive a link or attachment, don’t click it. Verify it first or ignore it altogether.
Sometimes phishers use the phone. This is called vishing. Often, someone calls offering to help you with a computer problem in exchange for a fee. Although there is a good chance you could use help with your computer, there is no way that Microsoft, Apple, or any other company will know without you telling them first that you are having an issue. Don’t give in to this tech support scam or any others that solicit money or ask for sensitive information without you initiating it.
Remember that government agents do not initiate communications via email or phone. A letter in the U.S. Mail is the first step. IRS scams are common and tend to increase in volume around tax season. Even if the so-called agent gives a name and badge number, don’t provide any information back to them. Instead, go to the IRS or other agency’s website and contact it that way.
If you find a USB drive lying around, don’t just pop it into your computer. Unfortunately, studies have shown that people are all too willing to do this and the results are not favorable. Often these include malicious files that open when they are inserted into the USB slots. Phishing often follows in some form. If the curiosity is too intense, take it to someone who can test it for malware first. However, it’s best to just toss it out and ignore it.
Following these guidelines will help you be the next victim of a Spanish Prisoner or Nigerian Prince scam. Your information belongs to you and if a person claims to need it, take the extra time to determine if they really do. That could save you or your organization from becoming a victim of identity theft or fraud.