I’d like to imagine that if I were a fish I would be smart enough to avoid the worm dangling from a hook attacked to a string that goes up out of the water, but maybe not. A worm wriggling on a hook probably looks a lot like any other worm thrashing around in the water, so maybe I would need a fish smarter than me to point out the signs to look for to tell the difference. The same things goes for phishing scams–at least the good ones that aren’t obviously phishing scams.
I wrote a blog post about ways to identify and avoid phishing attacks:
Can you recognize a phishing scam email when you see one? Do you know what signs to look for to identify a phishing attack, and avoid becoming a victim? In honor of National Cybersecurity Awareness Month, PhishMe has developed an infographic with helpful tips to keep you safe and secure.
PhishMe points out the usual, common-sense things you should do to avoid getting compromised—by either phishing scams or malware exploits. Don’t open unknown file attachments or click on links in suspicious emails, and don’t enter your credentials on login pages linked from email messages.
Hopefully that goes without saying at this point for emails you receive from unknown sources. It doesn’t take a rocket scientist to realize that you aren’t expecting a package from UPS, or you haven’t actually conducted business that would involve a suspicious email with a cryptic “invoice” attached. Don’t let curiosity get the best of you. You can be fairly sure it’s not legitimate—and even if it is, you know it’s not for you. Just delete the message.
Some messages are crafted better than others, though, and might not stand out as obvious phishing scams. Case in point: I recently received an email from my best friend. The subject was simply “Check this out,” and the body consisted of a terse exclamatory statement, and a link to click. It was odd in the first place, because my friend and I don’t exchange emails very often. Add in the vague subject line, the urgency of the body text, and the bizarre URL, and the message definitely raised some red flags.
Read the full story at PCWorld: Spot phishing scams and don’t take the bait.