Don’t Get Hooked by Phishing Attempts

October is National Cyber Security Awareness Month, which makes it a perfect time to focus on one of the most prevalent types of cybercrime: phishing. Phishing is when cybercriminals send fraudulent but genuine-looking emails to entice victims to provide personal information such as passwords or credit card information. 

You can easily be lured into a false sense of security when receiving a phishing email. These emails often contain familiar logos and headers or come from what seems to be a familiar contact, all with the end goal of trying to trick you into clicking a bad link or convincing you to enter information that could compromise your identity. Here are 10 tips to avoid getting hooked.  

1. Look at the actual “from” email address, not just the sender’s name. Be sure that emails supposedly from people in your contact list are from their genuine email addresses. 
2. Review the details of the sender’s address to be sure it is from the exact domain of a legitimate business or source. Phishers often spoof company domains by changing a letter in the name, such as acuty.com instead of acuity.com.
3. Don’t click on links in emails from unknown senders. Hover over them or right-click to see where they are trying to lead you and be sure the entire link address is legitimate. 
4. Look for misspellings, grammatical errors, strange formatting or fonts, or unnatural phrases in emails that supposedly come from an official or corporate sender. 
5. Watch for emails that try to create a sense of urgency, request sensitive information, or pressure you to bypass policies or procedures at work.
6. Check that the reply-to address matches the address of the person sending the email. 
7. Be wary of generic salutations (“Dear Customer”) from senders who should know you and be able to use your first or full name when addressing you. 
8. Beware of attachments, especially those that have strange names. They may contain malware that could allow a cybercriminal to lock out your system in exchange for money.
9. Always have a good antivirus software and keep it updated. 
10. If it sounds too good to be true, it probably is. 

You can find more tips from the United States Federal Trade Commission at OnGuardOnline.gov. And if you receive an email that smells "phishy," you can report it to organizations such as The Anti-Phishing Working Group (reportphishing@apwg.org), which utilizes a network of security vendors, financial institutions, and law enforcement to fight phishing.