Recognizing Phishing

Recognizing Phishing

Phishing refers to the act of trying to get personal information under false pretenses. Phishers who initiate these attacks may try to get user names, passwords, bank account information, credit card details, and more from their victims ultimately resulting in identity theft.

Phishing attacks most often occur through e-mail, and because business e-mail addresses are more accessible than personal ones, people are especially at risk in the workplace. A phishing e-mail will usually look like it's from a legitimate source. The e-mail (or website or phone call) will appear to be coming from a place the victim recognizes, like their bank, credit card company, or even a social network site. Thinking the source is legitimate, the victim will then answer questions or enter information that gives the phishers their personal details.

Understanding that these types of attacks occur allows you to be on the lookout for them and to advise your associates. Here are a few specific tips for recognizing a phishing attempt:

  • Legitimate businesses or financial institutions will rarely ask you for your personal information by e-mail.
  • Phishers often use scare tactics and emotional language to intimidate their victims into responding. For example, "you need to respond now or we will put your account on hold."
  • Links in phishing e-mails may be not quite right. For example, an O being replaced with a zero or additional text at the beginning or end. Before you click on a link, hover over the text to see where it is pointing.
  • Phishing e-mails often have spelling and grammar mistakes. While reputable organizations proofread carefully, phishers do not.

If you think you've received an e-mail that's an attempt to get your information, you could just delete it. However, if you're concerned that it could be legitimate, your best option is to contact the company directly through other means. For example, if you receive an e-mail that looks like it's from your bank, but you're not sure, call the number on your statement. That way you'll be sure the person on the other end is who they say they are. It’s always better to be on the safe side when it comes to the security of your business.