Handle with care: avoid scams in Your Email:
- What is a phishing scam?
- How can you avoid phishing scams?
- How can you minimize the effects of a phishing scam?
Picture Mike’s Sugar Shack, a business specializing in quirkily name pastries, which is rocking the culinary arena.
One day, Mike gets a very official-looking email with the subject: “ALERT: your account has been hacked”. Inside is a link to a site where he can supposedly enter his business’ account info and see if he’s safe.
Mike’s concerned and considers clicking the link to see his account status. But he also knows this could be a scam, what move should Mike make?
Before you know if an online security situation is real or not, acting impulsively can be as bad as doing nothing. Taking a moment to consider the best way to proceed can help you stay safe online.
The email Mike got seems as suspicious as that milk that’s been sitting out since yesterday. In fact, it might be an example of “phishing”.
Phishing is when a hacker makes a message appear as if it’s coming from an official source like a government agency, business partner, or bank, tempting you to enter account or personal info and open an online door to danger.
Did an official-looking email appear in your inbox with a heart-attack-including message about your account? Remember A subject written to make you see red might just be a red flag.
See if the email has an attachment to open or a link where you can verify your info – if so, move your mouse away. There are often signs that something’s amiss.
Being cautious with your email isn’t just the type of warning your mom gave you about putting on a coat. A phishing scam can lead to identity theft or worse. Once you know what to look for, it’s important to know what to do next.
Some phishing is so blatant, you can immediately mark the email as spam and move on. But if you’re even 0.0001% unsure, you can do more to check its validity.
Look closely at who sent the email. Even if it seems like a reputable organization, do not click the link. Keep in mind, most major banks and government agencies have policies against asking you to address account issues through email links.
Instead, visit the company’s website and check your account directly or call the official customer service line to verify it’s an actual alert. This way, you’ll be going straight to the source, where you can wield the diving rod of truth.
If the email comes from an unknown source that still seems legit, search online to see if other people received similar messages and publicly reported a scam. Those who discover hoaxes are pretty pumped to tell the world about it.
If you’re still unsure, reach out to the company that sent you the email using a contact method provided either in a past statement from them or on their official website. Don’t use the contact info from the email – it could be part of the scam.
Keeping calm isn’t always easy. Remember Mike at the Sugar Shack? He panicked, clicked the link, and put in his account info. So should he freak out now? No way.
The first thing Mike should do is change the online password for his and his business’ vital accounts: his bank, credit card, social media, third-party suppliers, etc. It’s the first line of defence against attacks.
Each account will need its own unique, long, and complex password – that way, even if an account gets compromised, the damage can be contained, like in a movie where the snakes are just on the plane and not on the land below.
While he’s changing his passwords, Mike should also check his online account and payment settings to make sure the phishing hasn’t already led to something fishy.
Lastly, Mike can call his bank and secure any and all accounts, which can help keep the Sugar Shack’s finances from crumbling into a soupy mess.
Phishing isn’t always easy to pick out, but with a little thought, you can keep yourself from falling victim to online scam.
Things to do to fight phishing:
- Use unique, long, and complex passwords for each account
- Know how to get valid contact info for your financial institutions
- Keep close track of which financial companies you do business with
- Verify why contacts send me attachments
- Know how to access your account setting on 3rd-party sites
References: Google Webmasters, Think With Google, Google Primer