October is National Cyber Security Awareness Month—time to focus on safer ways to shop, search, socialize, and do everything else online. Throughout the month I’ve been posting articles to remind you of best practices for online activities.
Phishing is an attempt to obtain usernames, passwords, credit card details, or other sensitive information for malicious purposes, usually by pretending to be a trustworthy entity.
For example, someone may send you a fake message that tries to get you to click a link, enter your user ID and password, or open an attached file. The message will look real, but if you do what it says, your computer, phone, tablet, or other device could become infected with malicious software (called “malware”) that could steal valuable information and open the door to criminals.
Attacks to Watch For
- E-mails promising easy money. For example, a notice that you’ve won the lottery or a request from a “foreign dignitary” who needs your help to transfer money. If something seems too good to be true, it almost always is.
- Odd or suspicious e-mail from someone you know. For example, “Hello. This is Jim. Check out this link.” If this is from someone you don’t regularly communicate with, and it looks to be auto-generated, you can assume that his contact list has been hacked.
- A message that creates a sense of urgency or requires you to take immediate action. For example, a message from your bank saying that your login has problems and you need to change your credentials. Rather than clicking the link, go to the bank site directly and log in.
- E-mail with attachments you weren’t expecting. Opening these attachments could download malicious software.
- E-mail addressed to “Dear Customer” or something similar.
- Messages containing multiple spelling mistakes or poor grammar.
- Links in the message that seem suspicious.
Check Links Before You Click
Below is an email I got asking me to update my account information. But it wasn’t from Chase Bank. If I had clicked the link and logged in, my account information would have been stolen.
Before you click, stop and think. If it looks like it might be something legitimate, but you’re not sure, here’s how to check the link:
- Hover your cursor over the link, but don’t click.
- Check the pop-up information that appears showing the full link URL. (It may display next to the link or it may show up in the status bar of your browser.) Does the pop-up information match what the link text says? If not, there’s a chance it’s an unsafe link. Be sure the domain name is correct. For example, scam-ebay.com is not from ebay.com and mybank.email.com is not from mybank.com.
- If hovering doesn’t tell you enough, right-click the link and copy the URL. (Click the appropriate menu item, such as Copy Shortcut, Copy Link Location, or Copy Link Address.)
- Go to a link scanner and paste the URL you copied. Below is a list of websites that will analyze the URL and tell you if it is safe.
  - Online Link Scan gives a simple summary without a lot of analysis.
  - URLVoid is good for checking most URLs.
  - Sucuri is good for checking shortened URLs like those from bit.ly, ow.ly, and TinyURL.
  - SiteAdvisor is a free application download sponsored by McAfee.
  - SafeWeb is sponsored by Norton.
  - Phishtank is good for checking for phishing sites.
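The hover check described above can also be run over the HTML body of a message. The Python below is an added example, not part of the original article: it compares each link's visible text with its real destination and flags destinations outside a list of sites you actually use. The function names, the trusted list, and the sample message are assumptions, and comparing only the last two labels of a hostname is a simplification.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkExtractor(HTMLParser):  # collects (href, visible text) per <a> tag
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def site(host):
    # Simplification: last two labels only. Real tools use the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def host_of(value):
    # Hostname if value looks like a URL or bare domain, otherwise None.
    value = value.strip()
    if " " in value or "." not in value:
        return None
    return urlsplit(value if "://" in value else "//" + value).hostname

def check_link(href, text, trusted):
    dest, shown, warnings = host_of(href), host_of(text), []
    if dest is None:
        return ["no hostname in link target"]
    if shown and site(shown) != site(dest):
        warnings.append(f"text shows {shown} but link goes to {dest}")
    if site(dest) not in trusted:
        warnings.append(f"{dest} is not one of your known sites")
    return warnings

def scan(html, trusted):
    parser = LinkExtractor()
    parser.feed(html)
    return {href: check_link(href, text, trusted) for href, text in parser.links}

# Constructed sample message body (not the email from the article).
SAMPLE = """<a href="http://scam-ebay.com/signin">www.ebay.com</a>
<a href="https://mybank.email.com/login">Update your account</a>
<a href="https://www.mybank.com/login">Log in</a>"""

print(scan(SAMPLE, {"ebay.com", "mybank.com"}))
```

A link with no warnings only means the destination is a site on your own list; when in doubt, type the site address yourself rather than clicking.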
More tips and help: