A Phishing Q&A: Common Phishing Scam Tactics and Tips to Stay Safe

You’ve likely heard the advice “Beware of phishing attacks,” but you might not know exactly what a phishing scam is or the many forms it can take. In this post, I will define phishing, talk about some of the most common phishing scams out there, explain how to identify a phishing attack, and share a few tips to help you stay safe.

What Is Phishing?

“Phishing is an attempt by an individual or group to solicit personal information from unsuspecting users by employing social engineering techniques,” according to the U.S. Computer Emergency Readiness Team (US-CERT), which works with the Anti-Phishing Working Group to collect phishing emails (send them to phishing-report@us-cert.gov if you get one) in order to “help people avoid becoming victims of phishing scams.”

Phishing scams often arrive via email looking like they were sent from a legitimate organization, such as Google, Chase, Dropbox or one of the other top 10 most impersonated sites, or perhaps from a friend or family member (maybe their email was hacked). The email will contain a link or website address designed to get you to share valuable personal info, like Social Security numbers, account numbers, login IDs and passwords.

“Scammers use your information to steal your money or your identity or both,” according to the Federal Trade Commission. They might also use those phishing scams to get access to your computer and then install ransomware or other types of malware.

Hackers like to capitalize on your fear regarding recent data breaches, like the massive Equifax data breach. Right after the breach, scammers registered hundreds of web addresses similar to the site Equifax set up regarding the breach, including easily made misspellings people might accidentally type.

On average, there are 46,000 new phishing sites created each day, which comes out to nearly 1.4 million a month, according to the Webroot Quarterly Threat Trends Report.

What Are The Most Common Types of Phishing Attacks?

  • Phishing Emails are email messages that attempt to lure a victim to click a dangerous link, download a malware-ridden attachment or give up a password or other personal information that could be used to steal money or your identity.  
  • Spear Phishing is a very targeted type of attack where the hacker has done enough research about the organization and internal workings to craft personal emails that might be construed as legit.
  • SMS Phishing, also called Smishing, is phishing carried out via Short Message Service (SMS).
  • Voice Phishing or Vishing is when a scammer calls claiming to be from your bank, the Federal Government, a utility company, etc., trying to get sensitive information from you over the phone. They might leave a weird voicemail with an automated voice or be a live person on the phone.

What Can I Do to Stay Safe?

  • Look Carefully Before You Click

So how can you tell the difference between a real email and a phishing email?

Take a really close look. Does the email use your real name or a generic opening? What is the sender’s email address? Are there any misspellings? Is there weird phrasing in the body of the email instead of the well-written and professional correspondence the company usually sends? When in doubt, compare the suspect email to a previous one from the company. Also, you should know that the most commonly clicked phishing emails include urgent calls to action, using words like “expires,” “required,” “immediately,” “notification” and the like. If in doubt, make a phone call to your family member, friend, bank, etc. and check.
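
The checks above can also be run automatically over a message you have saved. The following Python script is an added example, not part of the original post: it flags a sender domain that is a near-miss spelling of one you trust, a generic opening, and the urgent words listed above. The function names, the generic-opening list, the two-character distance threshold and the `.example` domains are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Urgency words the article lists as common in clicked phishing emails.
URGENT_WORDS = ("expires", "required", "immediately", "notification")
# Assumed examples of generic openings; extend for your own mail.
GENERIC_OPENINGS = ("dear customer", "dear user", "dear account holder")

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss domain spellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def review_email(raw, known_domains, recipient_name):
    """Return the warning signs found in a raw, single-part text email."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    findings = []
    _, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    if domain not in known_domains:
        # Assumed threshold: two or fewer edits counts as a lookalike.
        near = [d for d in sorted(known_domains) if edit_distance(domain, d) <= 2]
        findings.append(f"sender domain {domain} resembles {near[0]}" if near
                        else f"sender domain {domain} is not one you know")
    opening = body.strip().split("\n", 1)[0].lower()
    if recipient_name.lower() not in opening and any(g in opening for g in GENERIC_OPENINGS):
        findings.append("generic opening instead of your real name")
    text = (msg.get("Subject", "") + " " + body).lower()
    hits = [w for w in URGENT_WORDS if re.search(rf"\b{w}\b", text)]
    if hits:
        findings.append("urgent wording: " + ", ".join(hits))
    return findings

# Constructed sample message (not a real email); domains are placeholders.
SAMPLE = """\
From: Example Bank <alerts@examp1e-bank.example>
Subject: Notification: password expires today

Dear customer,
Verification is required immediately to keep your account open.
"""
```

Calling `review_email(SAMPLE, {"example-bank.example"}, "Pat")` returns three findings. An empty list only means none of these particular signs were present, not that the message is safe.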

  • Don’t Give Out Personal Info Over the Phone

Don’t answer phone calls from numbers you don’t recognize. If you do, don’t give out personal or financial information. You should only give out this information if you initiate the call to a phone number you know is correct.

“Don’t trust your caller ID. Scammers can spoof their numbers so it looks like they are calling from a particular company even when they’re not,” according to the Federal Trade Commission.

  • Sign Up For An Identity Restoration Membership

Scammers use phishing as a way to get personal information they can use to steal your identity. Identity Restoration services, also sometimes called recovery services, are “designed to help you regain control of your good name and finances after identity theft occurs,” according to the Federal Trade Commission.

LibertyID is the AAA of identity theft protection, offering the most effective identity theft protection and restoration service. Sign up for an annual subscription and rest easy knowing that if your identity is stolen, we will fix it. But just like with AAA, you have to be covered before there’s an incident.
