Scammers do this by contacting you through a phone call or email under the guise that they are a legitimate company. They often gain an unsuspecting victim's trust because their communications are strikingly close to a trusted business.
These deplorable people often ask for the following:
- Passwords to your accounts
- Bank account details
- Credit details
- Tax Identification Numbers
Once you give them the information that they were looking for, that's it. Your data and or your finances are compromised.
Unfortunately, people get hooked all the time. According to the 2017 FBI Internet Crime Report, it is estimated that people lost $30 million from phishing schemes.
It is your job to educate yourself and your team about cyber safety. Prevent the risk of data breach, theft, and avoid the headache that comes along with becoming a victim of phishing.
Clear signs of a phishing attempt to look out for:
- Virtually no company will ever directly ask you for your password through an email. If you see this, do not respond and do not click on any links in the email.
- All requests for credit card information, social security numbers or bank account details should be ignored.
- Avoid requests to verify personal data. Sometimes the scammer has gained access to some or all of your personal information and will ask you to verify if it is correct. Do not fall for this!
Here are some recommendations that will help you from becoming a victim of a phishing scam:
- Never submit any information to unknown sources.
- Never click suspicious links.
- Always verify that you are communicating with a legitimate sender. Look at the sender's email address carefully and closely examine how their email is formatted (scammer's emails usually have unusual wording, horrible spelling and grammar).
Notice in the above example how general the language is? A legitimate company would use your first name and the email would be from an official address.
- Always use security software on your computer.
- Always use MFA to protect your accounts.
Only take action on emails that have a legitimate presentation and you are expecting contact from. If you are ever unsure about an email you receive contact the sender through an alternative method for verification.