So how do you spot a phishing attack?
Start by looking for some of these characteristics:
Sensitive information, such as login credentials, intellectual property, business information, or your own personal information, is requested. l The email or phone call offers a powerful incentive to reply—perhaps with a purported job opportunity or financial reward. l A sense of urgency is conveyed. For example, the sender really needs your help right now, or you have only 24 hours to lock in an opportunity. l The message seemingly originates from a person you trust, but the tone and wording doesn’t quite seem like them. l The email contains a link to an unusual attachment,
often in a format you don’t recognize. l The message contains bad spelling or bad grammar. (Yes, there are still plenty of these old-school phishing at-tempts circulating on the web!)
What to do
Here are some expert tips on how to handle communication, especially email, in a way that will thwart nearly all phishers: l Start by ensuring that your PC or mobile device has all appropriate malware protection, and that your software is up to date. Many phishing attacks bet on finding victims whose computers lack sufficient protection. l Be very skeptical about links and attachments in messages—even if those messages appear to come from people you know. Often, if you hover your mouse over a link, that link’s actual web address will appear. This thwarts a common phishing trick: disguising, or “spoofing,” a link. l No matter how authentic an email appears, never let it persuade you to do anything that violates laws, rules, or company policies. l Use common sense. In this day and age, do you really think that your bank, the IRS, or your manager want you to disclose sensitive information in an email? l Don’t be rushed. That awesome opportunity will still be there tomorrow, no matter what the emailer says.