What is phishing? If you answered with anything about a day off on a boat with rods and lures, you’re very wrong. Phishing (with a PH and not an F) is defined as the fraudulent practice of sending emails pretending to be from reputable companies or persons in order to get individuals to reveal personal information, such as passwords and credit card numbers. The email will usually sound urgent, but generic, and will openly request private information from you.
Still confused? Below is a basic example. Try to picture this email from your electric company, with whom you’ve set up automatic payments with:
Your recent payment was not applied. Please log in and update the credit card we have on file for you immediately. If you fail to do so, your account will be deactivated. Please go to www.link.com to update.
The link will look as close to legitimate as possible, but there are always small details that can help you identify what’s real and what isn’t. Most of the time, the company name within the link presented will be misspelled or contain a symbol or number.
Also, check for misspellings and poor grammar throughout the email itself. Reputable companies like your electric company or cell phone provider will not have blatant grammatical or spelling mistakes. For example, AT&T probably has an entire department that is dedicated to making sure the email copy is written correctly before it sees any customers.
Hackers, on the other hand, do not have proofreading departments to check their work, so misspellings and grammatical errors are sometimes the easiest way to identify a phishing email.
Common sense is another great weapon in your arsenal. Would your electric company really deactivate your account so quickly? Is your bill even due? Cross-check the information and see if it’s relevant and/or plausible.
If the email passes the common sense test and doesn’t have any spelling or grammatical mistakes, but you still have a weird feeling about it, you have some options to see if it’s a phishing email or not. Here are a few ideas. Take them with a grain of salt.
- Do not click on the link. Instead, type the website into the URL bar yourself—not the whole thing, though. If it’s supposedly coming from Verizon, only type in verizon.com or just Google “Verizon”—leave out the rest. You’ll be able to find billing or whatever it is you need from Verizon’s legitimate homepage.
- If you clicked the link (which we do NOT recommend if you think it may be a phish) and you’re at a login screen, use the wrong password. As a warning, even if the site says it’s the wrong password, you’re not totally in the clear. You already clicked the link.
- If you clicked the link and a pop-up immediately displays, exit out of your browser immediately, re-open a new window and follow tip #1.
Most web browsers and operating systems have anti-phishing capabilities built-in. All browsers are different but it’s always best practice to ensure your security panel is properly set up to include phishing protection. You’ll get warned of any malicious sites you may come upon.