So how do you know if an email is a potential phishing attack? Most legitimate institutions that hold sensitive information will never send you an email asking personal questions. This includes banks, email services, internet service providers and stock traders. As a matter of fact, you'll often notice that legitimate businesses attach a clause at the end of their emails which reads: “we will never ask for your personal information.”
When in doubt, pick up a phone. Don’t call a phone number listed in the email, either. Use the good old yellow pages or as a last resort hit up a search engine for contact information. There is no substitute for a live human being on the other end of the line!
One of the most popular questions I receive in the field, from the usually upset customer who has been affected by this, is “why??” Well, honestly, it usually comes down to monetary gain. Someone, somewhere, is getting money in the end. The persons responsible for the attack may want to use your email address to spread a remote-control virus. Or perhaps they want to launch an attack from your email address, thus hiding from the authorities behind your identity. Maybe they are going straight for the jugular: your online banking information.
There are several things to keep in mind in order to protect yourself. First, it’s important to know that these phishing attacks may not involve a virus or spyware infecting your computer and therefore will usually NOT be blocked by your antivirus software. Second, if you see a suspicious email asking for information, or stating that your information has been compromised and asking you to “do something” via the internet to fix it… DON’T. Contact your institution directly using a phone number not obtained from the email. Do not delete the email until after you contact them; they may want you to send them a copy for further investigation.
Lastly, make sure your password is strong. Do not use birthdays or common phrases (like “admin,” “password,” “1234,” etc.) as your password. Instead, try something crazy that mixes up letters, capitals, and numbers. Example: g0AwayM1ne! Change your passwords every once in a while, too.
If you suspect you have fallen victim to a phishing attack, contact your institution and/or your email address provider and let them know what has happened. Following the steps above should help keep you from falling victim to this dangerous social engineering scam.