Seeing the recent uptick in phishing scams locally, the City of Texarkana Texas IT department has passed on some tips on how to avoid being caught up in a phishing scam and losing money.
Over the last few months, a number of local businesses have been victimized online with fishing scams. Phishing is the sending of fraudulent emails posing to be certain people or companies to try to steal personal info, like passwords and credit card numbers. After a recent scan of city computers showed a PC with some malicious phishing software and a couple of email accounts were found to have been affected. The problem was discovered quickly and taken care of, but Lisa Thompson with the City of Texarkana Texas got with the city’s IT department and put together a list of the Top 9 Ways to Avoid Phishing Scams in hopes of saving others some money and trouble…
9. Think Before You Click! – It’s fine to click on links when you’re on trusted sites. Clicking on links that appear in random emails and instant messages, however, isn’t such a smart move. A phishing email may claim to be from a legitimate company and when you click the link to the website, it may look exactly like the real website. Most phishing emails will start with “Dear Customer” and not your name, so you should be alert when you come across these emails. When in doubt, go directly to the source rather than clicking a potentially dangerous link by typing the web address into your browser.
8. Keep Your Browser Up to Date – Security patches are released for popular browsers all the time in response to the security loopholes that phishers and other hackers inevitably discover and exploit. If you typically ignore messages about updating your browsers, stop. The minute an update is available, download and install it.
7. Keep Informed About Phishing Techniques – New phishing scams are being developed all the time. Keep your eyes peeled for info about new phishing scams. By staying informed, you will be at much lower risk of getting snared by a scam.
6. Never Give Out Personal Information – As a general rule, you should never share personal or financially sensitive information over the Internet. This rule spans all the way back to the days of America Online when users had to be warned constantly due to the success of early phishing scams. When in doubt, give the company a call. An Internet user should never make confidential entries through the links provided in an email. Never send an email with sensitive information to anyone. Also, Make it a habit to check the address of the website. A secure website always starts with “https”.
5. Don’t Be Scared – Don’t get pressured into providing sensitive information. Phishers like to use scare tactics, and may threaten to disable an account or delay services until you update certain information. Be sure to contact the merchant directly to confirm the authenticity of their request.
4. Be Wary of Pop-Ups – Pop-up windows often masquerade as legitimate components of a website. All too often, though, they are phishing attempts. Many popular browsers allow you to block pop-ups, or allow them on a case-by-case basis. If one manages to slip through the cracks, don’t click on the “cancel” button; such buttons often lead to phishing sites. Instead, click the small “x” in the upper corner of the window.
3. Enhance the Security of Your Computer – Common sense and good judgment is as vital as keeping your computer protected with a good antivirus and Spam filter to block this type of attack. In addition, you should always have the most recent update on your operating system and web browsers. If your pc alerts you that it’s time to perform updates- make time to perform updates.
2. Learn to Identify Suspected Phishing Emails – There are some qualities that identify an attack through an email:
They duplicate the image of a real company.
Copy the name of a company or an actual employee of the company.
Include sites that are visually similar to a real business.
Promote gifts, or the loss of an existing account1. When in doubt, give IT a Shout! – if you are ever the slightest bit in doubt contact your IT department or trusted IT professional. The cost of remediation in both time and money isn’t worth the chance. Even verifying via email to the person who sent the message isn’t a guarantee as a lot of the newer phishing viruses have an auto reply component that sends a guarantee of safety when they detect an incoming query.
IT’S BETTER TO BE SAFE AND CHECK WITH A PROFESSIONAL YOU TRUST THAN TO TAKE A CHANCE.