We read about it more and more every day: Someone had their personal information hacked by a cyber scam or phishing, resulting in identity theft. Please review tips on how you can protect yourself from cyber scams and phishing, courtesy of our Director of Information Technology, David Waters:
Nobody needs you to get them a gift card – ever! In your emails you can look at the sender and often tell if is not coming from who it says it is. For example mine is David Waters<firstname.lastname@example.org> if the email name doesn’t match the senders name or the address contained within < > does not match or the organization named (davidsonacademy.com) is not correct then just delete the message it is a scam attempt. Here are some examples:
Often these types of scam emails will look like they are coming from a leader at your organization.
If you get an email about a product you ordered that you did not order or a delivery attempt with a document or PDF attached it is most likely a scam or phishing attempt. If you truly are worried about a false charge pick up the phone and call the vendor you supposedly purchased from. NEVER open the attached invoice! For that matter, never open an attachment unless you are expecting something from that particular person. If you get an email with an attachment it is not a bad idea to text or call them to inquire if they actually sent you something.
What is phishing?
Phishing is an attempt to steal your money, or your identity, by getting you to reveal personal information -- such as credit card numbers, bank information, or passwords. Websites are used that look and pretend to be legitimate. Cybercriminals typically pretend to be reputable companies, friends, or acquaintances in a fake message, which contains a link to a phishing website.
Here is an excerpt from Microsoft Support about how to spot and protect yourself from phishing:
Learn to spot a phishing message
Phishing is a popular form of cybercrime because of how effective it is. Cybercriminals have been successful using emails, text messages, and direct messages on social media or in video games, to get people to respond with their personal information. The best defense is awareness and knowing what to look for.
Here are some ways to recognize a phishing email
- Urgent call to action or threats - Be suspicious of emails that claim you must click, call, or open an attachment immediately. Often, they'll claim you must act now to claim a reward or avoid a penalty. Creating a false sense of urgency is a common trick of phishing attacks and scams. They do that so that you won't think about it too much or consult with a trusted advisor who may warn you.
Tip: Whenever you see a message calling for immediate action take a moment, pause, and look carefully at the message. Are you sure it's real? Slow down and be safer.
- First time or infrequent senders - While it's not unusual to receive an email from someone for the first time, especially if they are outside your organization, this can be a sign of phishing. When you get an email from somebody you don't recognize, or that Outlook identifies as a new sender, take a moment to examine it extra carefully.
- Spelling and bad grammar - Professional companies and organizations usually have an editorial staff to make sure customers get high-quality, professional content. If an email message has obvious spelling or grammatical errors, it might be a scam. These errors are sometimes the result of awkward translation from a foreign language, and sometimes they're deliberate in an attempt to evade filters that try to block these attacks.
- Generic greetings - An organization that works with you should know your name and these days it's easy to personalize an email. If the email starts with a generic "Dear sir or madam" that's a warning sign that it might not really be your bank or shopping site.
- Mismatched email domains - If the email claims to be from a reputable company, like Microsoft or your bank, but the email is being sent from another email domain like Gmail.com, or microsoftsupport.ru it's probably a scam. Also be watchful for very subtle misspellings of the legitimate domain name. Like micros0ft.com where the second "o" has been replaced by a 0, or rnicrosoft.com, where the "m" has been replaced by an "r" and a "n". These are common tricks of scammers.
- Suspicious links or unexpected attachments - If you suspect that an email message is a scam, don't open any links or attachments that you see. Instead, hover your mouse over, but don't click the link to see if the address matches the link that was typed in the message. In the following example, resting the mouse over the link reveals the real web address in the box with the yellow background. Note that the string of numbers looks nothing like the company's web address.
Tip: On Android long-press the link to get a properties page that will reveal the true destination of the link. On iOS do what Apple calls a "Light, long-press".
Cybercriminals can also tempt you to visit fake websites with other methods, such as text messages or phone calls. Sophisticated cybercriminals set up call centers to automatically dial or text numbers for potential targets. These messages will often include prompts to get you to enter a PIN number or some other type of personal information.