Phishing schemes are attempts to steal sensitive personal information such as passwords, credit card numbers, social security numbers, etc., through the distribution of fraudulent email messages.
And they can happen to anyone, and any company. Whether it’s a specific attack on our company, or it’s an attack on your personal email account, there are a few things you should know about every phishing attack.
- Stop clicking links in your email. That unfamiliar company that sent you a confirmation email receipt for the software you purchased, even though you don’t remember the purchase, is really attempting a phishing scheme.
- Hone your inner spelling bee champ. Learn to be suspicious of any grammatical mistakes in an email. Large companies pay someone to proofread everything that’s sent.
- Double-check the URL. If you’re still going to click on links in your email, hover over the link with your mouse to see the full address. Hackers are notorious for creating websites like www.cool.example.com, or having a link say www.coolexample.com when it actually goes to www.cool.example.com. Safest bet: Use a search engine to locate that company and manually enter the URL you find.
- Change is inevitable. It’s always a good idea, especially if you just fell for a phishing attack, to change your passwords. For more information, see Generating a Strong Password.
- Send out an S.O.S. Use a search engine to find out how to inform your personal email provider, or the legitimate company that’s being spoofed by the phishing attack. If you need to email us, be sure to send it to email@example.com. Make sure to forward it as an attachment.
- Don’t unzip. Never ever unzip an attachment. Legitimate companies don’t attach .zip files, or really any attachment.
Be diligent. Always remember to follow these steps to minimize phishing attacks both internally and externally.