July/August 2021 Issue
The number one type of online scam in 2020 should come as no surprise: According to the FBI’s Internet Crime Complaint Center, phishing remains by far the internet’s most prevalent threat. In the United States, people lost more than $54 million to the scam last year.
Phony emails and texts try to lure you into clicking through to a malicious website that’s designed to trick you into entering passwords and financial information: That’s phishing—and it’s getting worse, exacerbated by the pandemic and by the fact that it’s such a simple type of attack to pull off.
Phishers are also getting better at their trade, which means that consumers need to raise their level of vigilance. Here are six tips to help you avoid becoming a victim of a phishing attack.
1. Assume everything is a scam.
Sadly, we’re at the point where the smart move is to assume any message you receive involving money or account credentials, or that requests you to take any sort of action, is completely bogus—especially if time sensitivity is involved. “If the email or text is calling for the recipient to take urgent action or else experience a negative consequence, it is likely a phishing scam,” says Tom Kirkham, CEO of Iron Tech Security. “Legitimate companies will never send emails or texts threatening customers with an adverse action if something isn’t done quickly.”
It’s a cruel irony that scammers commonly prey on consumers’ fears that they are vulnerable to an attack or are already being taken advantage of (for instance: “Your account has been charged $300”), and assert that the only way to stop the damage is to take instant action. This tricks users into lowering their guard at the worst time.
2. Check the obvious warning signs.
It’s common knowledge that phishing attacks are filled with telltale indicators, but scammers have been getting better at grammar and spelling in recent years, and these glaring mistakes are becoming less frequent. While even the slightest typo should clue you in that a message is phony, look for additional signals: the use of “Dear customer” or a similar greeting, rather than your name; the suggestion that you use Whatsapp, WeChat, or another alternative messaging system to contact them; and anyone asking for payment or a donation in bitcoin.