Phishing, the fraudulent act of sending emails pretending to be from real or trusted sources but are in fact ruses designed to trick the recipient into giving up personal or financial information, is rampant. IRONSCALES, a security firm, estimates that 4 out of 5 organizations globally have seen an increase in email phishing attacks in the last three years. According to Verizon, around 25% of all data breaches involve phishing. The threat is real and constant.
At Allied Healthcare Federal Credit Union, we’ve written before about evergreen best practices to protect yourself against phishing so here’s a quick rundown:
- Always check the address a suspicious email is coming from. Phishing emails can look close but aren’t exactly the same as where they pretend to be coming from (for example, a phishing email purporting to be from Netflix might ask you for your account information but comes from an address like firstname.lastname@example.org or email@example.com)
- Inspect links before clicking them. If you receive a suspicious email asking you to click on a link or button (example: Congrats! You’ve won a $50 Best Buy Gift Card. Click here to redeem!) right-click on the link and inspect it. If the url is overlong, shortened using a link shortener like bit.ly, or directs to a website different from one associated with the company that is allegedly sending you an email, it may be a phishing attack
- If you are being asked to reveal any information like a birthday, social security number or password, double check the request by calling the company or individual the email is supposed to be from
These behaviors will keep you on alert for many phishing attacks but fraudsters change their methods to attempt to elude detection. For example, as energy costs are rising, phishers have increasingly sent out scams offering rebates or discounts on energy bills to appeal to a very real anxiety that folks are feeling right now.
If you receive an email claiming to offer refunds or other savings on energy bills, be very cautious. Scammers might try to force action with urgent deadlines or professing that the offer is exclusive. They may even know which energy company you use in your home. However, before you click on a link or reveal any information, make sure you know the email is legitimate.
Further, there has been in increase in fraud agents using a security measure against their victims. Multi-factor authentication (MFA) is a wise policy for your most secure information. If you have an account that requires a special code sent by text or phone call before you can log in, you, like 80% of Americans, have at least one MFA.
As smart as MFAs are, spammers will try to use them to access your info, using your credentials to attempt to log into an account and triggering a multi-factor verification, sometimes late at night, hoping that you will unwittingly give them access. It’s important to never approve an MFA notification you haven’t requested. If you get a phone call or text from an organization that provides you with a code or a verification link without attempting to log in yourself, notify that organization at once.
Scammers will try to lure you into a false sense of security. Stay on alert and protect your information.