Phishing 101: How Not to Get Hooked

You’d think that it would be as easy as pie to avoid getting reeled in by a phishing scam. After all, all you need to do is avoid clicking on a link inside an email or text message. How easy is that?

A phishing scam is a message sent by a cybercriminal to get you to click on a link or open an attachment. Clicking on the link or attachment downloads a virus, or takes you to a malicious website (that often looks like real site).

You are then tricked into entering user names, passwords and other sensitive account information on the website that the scammer then uses to take your money, steal your identity or impersonate you.

Intel Security recently designed a quiz to help people identify a phishing email. Sometimes they’re so obvious; for example, they say “Dear Customer” instead of your actual name, and there are typos in the message. Another tip-off is an unrealistic “threat” of action, such as closing down your account simply because you didn’t update your information. Some scammers are more sophisticated than others and their emails look like the real thing: no typos, perfect grammar, and company logos.

The quiz showed ten actual emails to see if all of us could spot the phishing ones.

  • Out of the 19,000 respondents, only 3% correctly identified every email.
  • 80% thought at least one phishing email was legitimate.
  • On average, participants missed one in four fraudulent emails.

image001

The biggest issue may not be how to spot a phishing scam as much as it is to simply obey that simple rule: Don’t click links inside emails from unknown senders! And don’t download or click on attachments. Now if you’re expecting your aunt to send you vacation photos and her email arrives, it’s probably from her.

But as for emails claiming to be from banks, health plan carriers, etc.…DON’T click on anything! In fact, you shouldn’t even open the message in the first place.

And I can’t say this enough: Sorry, but you aren’t special enough to be the one person to be chosen as the recipient of some prince’s lofty inheritance. And nobody wins a prize out of the blue and is emailed about it.

A few more things to keep in mind:

  • An email that includes your name can still be a phishing scam.
  • Don’t fret about not opening a legitimate message. If it is, they’ll call you or send a snail mail.
  • You can also contact the company directly to see if they emailed you anything.

Want to see how your phishing skills stack up? Take the Intel Security quiz, here.

Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.