Phishing 101: How Not to Get Hooked

You’d think that it would be as easy as pie to avoid getting reeled in by a phishing scam. After all, all you need to do is avoid clicking on a link inside an email or text message. How easy is that?

A phishing scam is a message sent by a cybercriminal to get you to click on a link or open an attachment. Clicking on the link or attachment downloads a virus, or takes you to a malicious website (that often looks like real site).

You are then tricked into entering user names, passwords and other sensitive account information on the website that the scammer then uses to take your money, steal your identity or impersonate you.

Intel Security recently designed a quiz to help people identify a phishing email. Sometimes they’re so obvious; for example, they say “Dear Customer” instead of your actual name, and there are typos in the message. Another tip-off is an unrealistic “threat” of action, such as closing down your account simply because you didn’t update your information. Some scammers are more sophisticated than others and their emails look like the real thing: no typos, perfect grammar, and company logos.

The quiz showed ten actual emails to see if all of us could spot the phishing ones.

  • Out of the 19,000 respondents, only 3% correctly identified every email.
  • 80% thought at least one phishing email was legitimate.
  • On average, participants missed one in four fraudulent emails.

The biggest issue may not be how to spot a phishing scam as much as it is to simply obey that simple rule: Don’t click links inside emails from unknown senders! And don’t download or click on attachments. Now if you’re expecting your aunt to send you vacation photos and her email arrives, it’s probably from her.

But as for emails claiming to be from banks, health plan carriers, etc.…DON’T click on anything! In fact, you shouldn’t even open the message in the first place.

And I can’t say this enough: Sorry, but you aren’t special enough to be the one person to be chosen as the recipient of some prince’s lofty inheritance. And nobody wins a prize out of the blue and is emailed about it.

A few more things to keep in mind:

  • An email that includes your name can still be a phishing scam.
  • Don’t fret about not opening a legitimate message. If it is, they’ll call you or send a snail mail.
  • You can also contact the company directly to see if they emailed you anything.

Want to see how your phishing skills stack up? Take the Intel Security quiz, here.

Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.

Votes: 0
E-mail me when people leave their comments –

You need to be a member of Global Risk Community to add comments!

Join Global Risk Community

    About Us

    The GlobalRisk Community is a thriving community of risk managers and associated service providers. Our purpose is to foster business, networking and educational explorations among members. Our goal is to be the worlds premier Risk forum and contribute to better understanding of the complex world of risk.

    Business Partners

    For companies wanting to create a greater visibility for their products and services among their prospects in the Risk market: Send your business partnership request by filling in the form here!

lead