Phishing
Phishing occurs when someone tries to trick you into sharing personal information—such as passwords, bank details, or account logins—by pretending to be a trusted source through emails, texts, or social media messages. See below to learn more about phishing and what you can do to protect yourself and your loved ones online.
Common phishing attacks
- Email phishing: The most common type of attack, where hackers send emails that appear to be from legitimate companies to steal personal information. These emails often claim suspicious activity, a problem with payment information, or a fake invoice to prompt a quick response.
- Smishing (SMS phishing): Attacks that use text messages to deliver malicious links or phone numbers. For example, a text may say your bank account has been compromised and you must respond immediately.
- Vishing (voice phishing): Scams conducted over the phone, where attackers impersonate customer service representatives, government officials, or tech support to persuade victims to reveal information or make payments. With modern technology, voices can even be cloned to sound more believable.
- Social media phishing: Scammers use social media to deceive people through fake posts, profiles, or instant messages. Angler phishing is a related tactic where attackers impersonate a company's customer support to prey on users who complain publicly on social media.
- Clone phishing: A sophisticated attack where scammers create an almost identical duplicate of a legitimate email and send it with malicious links, often to trick frequent online shoppers or banking users.
- Wi-Fi "Evil Twin" attacks: Scammers set up a fake, but legitimate-looking, Wi-Fi hotspot to intercept data from anyone who connects to it.
How to recognize and avoid phishing scams
To protect yourself and your family from these attacks, be aware of the following warning signs:
- Urgent or threatening language: Scammers create a false sense of urgency to pressure you into acting without thinking. For instance, they might threaten to suspend your account or issue a fine if you don't respond immediately.
- Requests for sensitive information: Legitimate companies will not request personal information, passwords, or credit card numbers via unsolicited email or text message.
- Generic greetings: Phishing emails often use generic salutations like "Dear Customer" instead of your name.
- Spelling and grammar errors: While AI is making phishing emails more sophisticated, poorly worded messages or obvious typos can still be a major red flag.
- Suspicious links and attachments: Before clicking, hover your mouse over a link to see the real URL it leads to. The address may be a slight misspelling of the real company, such as "rnicrosoft.com" instead of "microsoft.com". Never open an attachment from an unfamiliar or suspicious sender.
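The "hover and read the real URL" check above can be automated. The following Python script is an added example for this page, not code from the original article: it takes the real target of a link (and optionally the text the link displays), extracts the hostname, and flags the tricks the list describes, such as confusable spellings like "rnicrosoft.com" or "micros0ft.com", near-miss typos, a trusted brand name placed in a subdomain or in the user-info part of the URL, and link text that names one site while the link points to another. The trusted-domain list and the sample links are constructed for illustration, and the "registrable domain" helper is a deliberate simplification (last two labels only) that does not handle suffixes such as co.uk.

```python
"""Lookalike-domain check for links found in suspicious messages.

Added example for this page; not code from the original article. TRUSTED_DOMAINS
and the sample links are constructed, and registrable_domain() is a simplification.
"""
from typing import Optional
from urllib.parse import urlparse

# Constructed allowlist: a real deployment would use the organisation's own list.
TRUSTED_DOMAINS = ["microsoft.com", "paypal.com", "example-bank.com"]

# Sequences that read as another character in many fonts. Two-character keys come
# first so "rn" is rewritten to "m" before the single-character rules run.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")]


def normalize(label: str) -> str:
    """Collapse common visual confusables so 'rnicros0ft' becomes 'microsoft'."""
    label = label.lower()
    for lookalike, real in CONFUSABLES:
        label = label.replace(lookalike, real)
    return label


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; 1 or 2 usually means a typo-squatted name."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_domain(hostname: str) -> str:
    """Last two labels of the host (simplification: ignores multi-part suffixes)."""
    labels = hostname.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def _parse(url: str):
    # urlparse needs a scheme to populate hostname, so add one when it is missing.
    return urlparse(url if "://" in url else "http://" + url)


def check_link(href: str, display_text: Optional[str] = None) -> dict:
    """Classify a link the way a cautious reader would after hovering over it."""
    parsed = _parse(href)
    host = parsed.hostname or ""
    domain = registrable_domain(host)
    result = {"host": host, "domain": domain, "verdict": "unknown", "reasons": []}

    if domain in TRUSTED_DOMAINS:
        result["verdict"] = "trusted"
    else:
        second_level = domain.split(".")[0]
        for trusted in TRUSTED_DOMAINS:
            # Brand name used as a subdomain of an unrelated domain, or placed in
            # the user-info part ("https://microsoft.com@evil.example/").
            if trusted in host or (parsed.username and trusted in parsed.username):
                result["reasons"].append(f"{trusted} appears in the URL but the domain is {domain}")
            t_second = trusted.split(".")[0]
            if normalize(second_level) == t_second:
                result["reasons"].append(f"confusable spelling of {trusted}")
            elif edit_distance(second_level, t_second) <= 2:
                result["reasons"].append(f"near-miss of {trusted}")

    # Visible link text that names a different site than the real target.
    if display_text:
        shown = _parse(display_text).hostname
        if shown and registrable_domain(shown) != domain:
            result["reasons"].append(f"link text shows {shown} but the link goes to {host}")

    if result["reasons"]:
        result["verdict"] = "suspicious"
    return result


if __name__ == "__main__":
    # Constructed sample links for a quick demonstration.
    samples = [
        ("https://www.microsoft.com/account", None),
        ("http://rnicrosoft.com/login", None),
        ("https://microsfot.com/", None),
        ("https://microsoft.com@evil.example/", None),
        ("https://secure-login.example/pay", "https://www.paypal.com/"),
    ]
    for href, text in samples:
        verdict = check_link(href, text)
        print(f"{href:45} -> {verdict['verdict']}: {'; '.join(verdict['reasons']) or 'no findings'}")
```

The three signals are deliberately independent: confusable normalisation catches character substitutions, the edit-distance check catches transpositions and dropped letters that normalisation misses, and the substring check catches the real brand name being placed somewhere other than the registrable domain. A verdict of "unknown" is not a clean bill of health; it only means the link does not imitate a name on the allowlist.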
What to do if you suspect a phishing attempt
- Don't click, reply, or download anything. Interacting with the message can provide information to the scammer or install malware.
- Report the message. Most email and social media platforms have a built-in option to report phishing attempts; for a personal account, use the reporting option in your email provider's app or website. You can also report fraud to the Federal Trade Commission (FTC) at IdentityTheft.gov.
- Delete the message after reporting it.
- Go directly to the source. If you get a suspicious email from your bank, don't use the links provided. Instead, navigate to the bank's official website by typing the address yourself or using a trusted app.
- Use multi-factor authentication (MFA). Enable MFA on all accounts that offer it. This requires a second form of verification to log in, making it much harder for scammers to access your account even if they get your password.
- Protect your devices. Keep your operating systems, browsers, and security software—including anti-virus and anti-phishing tools—up to date. This ensures you have the latest defenses against new threats.
- Back up your data so you can recover it if a successful attack installs ransomware or other malware.
