Avoid Phishing Scams with Three Simple Tips Phishing scams are online messages designed to look like they’re from a trusted source. We may open what we thought was a safe email, attachment, or image only to find ourselves exposed to malware or a scammer looking for our personal data. The good news is we can take precautions to protect our important data. Learn to recognize the signs and report phishing to protect devices and data.

  1.  Recognize the common signs

  *    Urgent or emotionally appealing language
  *   Requests to send personal or financial information
  *   Unexpected attachments
  *   Untrusted shortened URLs
  *   Email addresses that do not match the supposed sender
  *   Poor writing/misspellings (less common)

2. Resist and report

Report suspicious messages by using the “report spam” feature. If the message is designed to resemble an organization you trust, report the message by alerting the organization using their contact information found on their webpage.

3. Delete

Delete the message. Don’t reply or click on any attachment or link, including any “unsubscribe” link. The unsubscribe button could also carry a link used for phishing. Just delete.

If a message looks suspicious, it’s probably phishing.

But even if there’s a possibility it could be real, don’t click any link or attachment or call any number. Look up another way to contact a company or person directly:

  *   Go to a company’s website to find their contact information
  *   Call the individual at a known number and confirm whether they sent the message

Avoiding phishing is one way to Secure Our World. We can help one another stay safer online so share these tips with a family member or friend!

Information provided by Secure Our world via cisa.gov/SecureOurWorld

Earlier this month, the United States Federal Bureau of Investigation (FBI) released an official advisory about the rise of callback phishing attacks. Callback phishing is when a phishing email directs you to call a number instead of clicking on a link. Typically, if you call the number in a callback phishing email, the cybercriminal will try to trick you into providing sensitive information. The FBI’s recent advisory outlined a new and more dangerous tactic.

GaudiLab/Shutterstock.com

In this scam, cybercriminals send an email claiming that you have a pending charge on one of your accounts. If you call the number provided, the cybercriminal will guide you on how to connect with them through a legitimate system management tool. System management tools are often used by IT departments to remotely connect and control your device. Once the legitimate software has been installed, cybercriminals can use it to sneak ransomware onto your device. With ransomware installed, sensitive information can be stolen and used to extort you or your organization.

Stay safe from similar scams by following the tips below:

• Be suspicious of emails that contain a sense of urgency. Cybercriminals use a sense of urgency as an attempt to catch you off guard and get you to click or act impulsively.
• Consider the context, timing, grammar, and other details of the email or call. For example, does your bank usually ask you to call in?
• Avoid calling phone numbers provided in emails. Instead, navigate to an official website to find the best contact number.

The KnowBe4 Security Team
KnowBe4.com
Stop, Look, and Think. Don't be fooled.