Tuesday, March 10, 2020

Phishing Scams PSA (including general online safety)

Periodic reminder to avoid phishing scams. Whenever you get a concerning email, message or popup, avoid reacting to it. Definitely don't click on anything in the message. Analyze it logically and rationally. If you get an unsolicited message or one telling you an account has been "hacked" or is "locked", most likely it is a phishing scam.

Here are some indicators and actions:

1) Is the message addressed to you personally? If it doesn't have your first name or username, it's pretty certain (but not always) that it is a mass-emailed message.

2) Bad grammar, awkward phrasing, misspelled words. It's very rare that a corporate-generated email will be thrown together and not proofread. Now, I have seen occasional spelling and grammar errors on legitimate messages, but when the entire message is filled with them it's malicious.

3) Check the email header. Where is the email originating from? What page is the address or web link leading you to? If it isn't where it says it's from, you'll know it's not legit. The header may look like a bunch of garbled nonsense and there's a bit of a learning curve to deciphering it, but once you figure it out, it'll be like reading a book.

4) Do you have an account with who the message is from? If not, it's fake. If you do, open a separate browser tab and manually log in (don't log in with the link on the message). Check your account to see if there is any unusual activity. Check the messages on your account page (if applicable) to verify any messages you get in your email inbox, texts or popups. If your account has been compromised, change your password and resolve the problems from the page you logged into.

5) Report any suspicious activity to your email provider and if it's serious enough, to law enforcement or the FBI. They already know about Nigerian 419 scams and typical phishing messages, so don't bother them with those. If you are being threatened, extorted or harassed, these are the messages they may want to know about though.

6) If you're suddenly getting a plethora of junk emails and phishing attempts, you might want to think back on who (an individual) or what website you may have done business with recently. Some "businesses" will not only rip you off, but also harvest your email address or phone number and sell the lists to other scammers and mass-advertisers. If that is the case, you may have to do some damage control. Hopefully you haven't compromised any personal information that could lead to identity theft.

7) Be careful where you do business in the first place. Some businesses can look convincing, but still rip you off and steal your personal information. If it looks sketchy or if something just doesn't add up, don't buy from them or sign up for anything. As an extra precaution, you may consider clearing your browser history and cookies, especially from that particular site. This is no guarantee that you haven't been infected with malware though.

8) Run a reputable antivirus/anti-malware app and keep it updated. The clue here is reputable. Several people have come to me with their computers in desperation after they've clicked on some popup that said their computer is infected and that they need to scan their computer or download their software. Reputable antivirus companies don't do this. If you get a popup from some app or site you didn't install on your computer (or that didn't come pre-installed), you can bet that it is malware posing as antivirus software.

9) Be judicious with who you give your email address and phone number to. You may be inclined to hand your business card out to everyone under the sun or shotgun your résumé all over the Internet. You may also sign up for contests and sweepstakes at trade shows and the like. Don't be surprised then that you'll get spammed, robo-called and pestered until you can't stand it anymore. You may also get unsolicited junk and calls from those you didn't sign up with. Play stupid games, get stupid prizes.

10) Be careful when using unsecured networks. You never know who is lurking at the coffeeshop, airport, hotel or even your school Wi-Fi. Opt out of storing your credit card numbers and personal information that could be compromised for identity theft on your computer. It may be a pain to have to re-enter that information every time, but it's just an added measure of security if you ever use unsecured networks.

11) Never let your kids or anyone else use your phone or computer when it's logged in under your name. That's just asking for trouble. You might not personally get into trouble using the Internet, but leave it to someone else to do it for you.

12) Avoid falling asleep while using your device or using your device when tired. I'm guilty of this myself. I don't know how many times I've accidentally clicked on something as I was drifting off to sleep and my fingers are not in control. There is so much garbage content on web pages that you can hardly miss it if your fingers are wandering.

There are other measures and indicators that I most likely didn't mention. Scammers are always one step ahead of the masses and they'll get their money from those who aren't careful. The bottom line is to be vigilant and don't react or panic, but use critical thinking skills when online (which includes your phone).
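
One way to automate the header checks from item 3, as an added example that is not part of the original post: it compares the From domain with Return-Path and Reply-To, reads the SPF/DKIM/DMARC verdicts from Authentication-Results, and flags links whose visible text names a different host than the one they open. The sample message and every domain in it are constructed placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed sample message (not a real email); all domains are placeholders.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=mailer.example.net; dkim=none
From: "Example Bank Security" <alerts@examp1e-bank.example>
Reply-To: helpdesk@other.example
To: you@example.org
Subject: Your account is locked
Content-Type: text/html

<p>Dear customer, your account is locked.</p>
<a href="http://login.examp1e-bank.example/verify">https://www.examplebank.example/login</a>
"""

def domain_of(addr):
    """Return the lowercased domain of an address header, or '' if absent."""
    return parseaddr(addr or "")[1].rpartition("@")[2].lower()

def host_of(url):
    """Return the hostname of a URL, or '' if it has none."""
    return urlsplit(url.strip()).hostname or ""

def header_findings(raw):
    """List reasons the message may not come from where it claims."""
    msg = message_from_string(raw)
    findings = []
    from_dom = domain_of(msg["From"])
    # Envelope sender and reply address should normally match the From domain.
    for name in ("Return-Path", "Reply-To"):
        dom = domain_of(msg[name])
        if dom and dom != from_dom:
            findings.append(f"{name} domain {dom} differs from From domain {from_dom}")
    # Verdicts recorded by the receiving mail server.
    auth = (msg["Authentication-Results"] or "").lower()
    for check in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{check}=(\w+)", auth)
        if m and m.group(1) != "pass":
            findings.append(f"{check} result is {m.group(1)}")
    # Links whose visible text is a URL for a different host than the target.
    links = re.findall(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', msg.get_payload(), re.I | re.S)
    for href, text in links:
        if text.strip().lower().startswith("http") and host_of(text) != host_of(href):
            findings.append(f"link text shows {host_of(text)} but goes to {host_of(href)}")
    return findings
```

A differing Return-Path on its own is common with legitimate mailing services, so treat each finding as a reason to look closer rather than a verdict.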
