Phishing is defined as the activity of defrauding an online account holder of financial or personal information by posing as a legitimate company.
Here are some tips to help you avoid being scammed.
- If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Contact the company using information provided on an account statement, not information provided in an email.
- Pay attention to the website’s URL or email address. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com versus .net). Likewise, email addresses often look correct, but upon closer inspection, they are not. For example, one scam received here at Brewster came from email@example.com — look closely at how brewster is spelled. Very tricky!
- Be very careful before clicking on hyperlinks or links attached in an email, as it might direct you to a fraudulent website. You can sometimes hover over a link and look to see the address it will take you to. If you want to go to a legitimate website, type in the URL directly into your browser or use bookmarks / favorites if you want to go faster.
- Your bank will never ask you to send your passwords or personal information by mail.
- Before sending sensitive information over the Internet, check the security of the website. In order for a site to be ‘safe’, it must begin with ‘https://’ and your browser should show an icon of a closed lock.
- Don’t reveal personal or financial information in an email, and do not respond to email solicitations for this information.
- Don’t be swayed by threats of account closure or monetary penalty. If you are concerned, pick up the phone and call your financial institution directly.
- Most phishing attacks are against banks, but can also use any popular website to steal personal data such as eBay, Facebook, PayPal, etc.
- Beware of phone phishing schemes. Do not divulge personal information over the phone unless you initiate the call. Be cautious of emails that ask you to call a phone number to update your account information as well.
- Beware of browser pop-ups and follow these tips:
- Never enter personal information in a pop-up screen.
- Do not click on links in a pop-up screen.
- Do not copy web addresses into your browser from pop-ups.
- Legitimate enterprises should never ask you to submit personal information in pop-up screens, so don’t do it.