At Phone Medics Plus, we’re committed to helping you keep yourself safe as you experience all the awesome things the internet has to offer. In previous posts we’ve talked about how to avoid getting malware and what to do if you think your computer has become infected. Today we’re going to change gears a little and talk about a threat that doesn’t typically attack your computer directly, but uses your computer as a platform for scamming you: phishing.
What is Phishing?
Phishing is a social engineering scam that tries to trick you into surrendering sensitive information. With a typical phishing scam you receive a legitimate-looking email that appears to be from your bank, your credit card company, PayPal, etc. The message claims there’s a problem with your account, and provides you a link so you can sign in and fix it. But when you click the link, it doesn’t take you to your bank or credit card company’s actual website. Instead it takes you to a fake website designed to look like the real thing. When you sign in on this fake website, it captures your username and password and saves them, giving the scammers access to your account. When this happens, the results can get very serious very quickly. The good news, though, is that there are a few simple steps that you can take to protect yourself.
How to Stay Safe
One of your strongest lines of defense is two-factor authentication. With two-factor authentication you provide your cell phone number, and the service you’re signing into texts you a single-use verification code when you sign in from a new computer. Because it’s so secure, two-factor authentication is already offered by a huge number of online services, including Google, Facebook, PayPal, and most banks. With two-factor authentication in place, accidentally giving out your username and password isn’t quite as scary, because when the scammers try to use it they’ll just be asked to enter an authentication code that they can’t get because they don’t have your phone.
Your second major line of defense is simple awareness: there are a few big clues that will tell you if an email you’ve received is actually a phishing scam. Simple spelling or grammatical errors in the text of the email are a dead giveaway - after all, scammers don’t hire writers to compose and proofread their emails like your bank does. The sender’s email address is another big clue. For example, if the message is really from PayPal customer service, it will be from service@paypal.com; a scam email will be from a very different email address. Also, legitimate customer service emails will nearly always include your name or username. An email addressed to “valued customer” or anything other than your name or username is likely a scam. Finally, you can check the URL of the link in the email. When you hold your mouse cursor over the link, you can see the actual address it takes you to. In a phishing email, the link will take you to an address that doesn’t match the site the email claims to be from. Going back to our PayPal example: in a legitimate PayPal email, any links will have “paypal.com” in the URL. A link in a phishing email won’t.
So, suppose you’ve gotten an email that you think might be fake - it’s from a different sender than it claims to be, there are spelling errors in the text, and the link doesn’t take you where it claims to - but you’re still worried that there might really be a problem with your account. What do you do? Well, fortunately, the answer is extremely simple: just go sign in to your account the way you normally would, instead of through the link in the email. If there’s really a problem, it will show up on your account page when you sign in. Or, if you prefer, you can also call customer service directly and ask if there’s really a problem.
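The sender and link checks described above can be automated. The following is an added example, not part of the original post: it compares the actual host of the sender address and of each link against the site the email claims to be from, because a scam address can still contain the text “paypal.com”. The function names and the `.example` addresses in the sample message are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

def host_matches(host, expected):
    """True only if host is the expected domain or a subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == expected or host.endswith("." + expected)

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            href = dict(attrs).get("href")
            if href:
                self.hrefs.append(href)

def check_email(raw, expected):
    """Return a list of warnings for a message claiming to come from `expected`."""
    msg = message_from_string(raw)
    warnings = []
    # Domain part of the address in the From header, display name ignored.
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if not host_matches(sender_domain, expected):
        warnings.append(f"sender domain is {sender_domain!r}")
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for href in collector.hrefs:
        host = urlsplit(href).hostname  # drops any "user@" part before the host
        if not host_matches(host, expected):
            warnings.append(f"link goes to {host!r}")
    return warnings

# Constructed sample message (not a real email); every address contains "paypal.com".
SAMPLE = """From: PayPal Service <service@paypal.com.account-check.example>
Subject: Problem with your account
Content-Type: text/html

<a href="https://paypal.com.account-check.example/signin">Sign in</a>
<a href="https://paypal.com@login.example/fix">Fix it</a>
<a href="https://www.paypal.com/help">Help</a>
"""

if __name__ == "__main__":
    print("\n".join(check_email(SAMPLE, "paypal.com")))
```

A sender address that passes this check is not proof the email is genuine, since the From line can be forged; signing in the way you normally would remains the safe route.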
What to Do if You Get Caught
Unfortunately, phishing scams can be very convincing, and almost anyone can fall prey to them. You don’t have to look very hard to find stories of high-profile executives or political figures falling prey to phishing scams, sometimes with dire consequences. So the next question is, what to do if you find yourself the victim of a phishing scam?
The first thing to do is change your password, not only for the site that was compromised, but for any other site where you use the same password. So if you realize too late that you’ve given your PayPal login to a scammer, the first step is to immediately go to PayPal’s website and change your password. If you don’t, you run the risk that the scammers will not only gain access to your account and wreak havoc with your finances, but that they’ll also change your password, making it harder to recover. The second step is to contact customer service. Most banks and credit card companies have established procedures in place for when their customers are victims of fraud, and can take steps to help you recover.
If more than just your login information to a financial website gets compromised - for example, if the scammers should manage to get hold of other sensitive information like your Social Security number and date of birth - then you might need to consider adding a fraud alert to your credit report or even freezing your credit, which will prevent new lines of credit from being opened in your name. All three of the major credit reporting bureaus - Experian, TransUnion, and Equifax - offer you the ability to freeze your credit via their online tools, and if you add a fraud alert to one of the services, it will automatically be forwarded to the other two.
At Phone Medics Plus, we’re not just committed to keeping your phone and computer running smoothly, we’re also committed to helping you keep yourself safe as you use them. Keeping yourself safe from phishing scams is one way to make sure you have the best possible experience with your technology.