Video: Phishing: Don't take the bait!

  • Transcript

    Phishing is when a cybercriminal poses as a legitimate organization to try and lure you into providing sensitive data.

    Sometimes they send you an email or call you asking for your banking or credit card numbers, even your usernames and passwords.

    This information is then used to access important accounts and can result in identity theft and financial loss.

    When this is done over SMS text messages — it’s referred to as smishing.

    Here are some of the tactics that might be used by somebody trying to phish or smish you:

    They might try to scare you by saying your information has already been compromised or threaten to close your account, fine you or even take legal action if you don’t respond.

    On the other end of the spectrum, some messages will make it seem like you’re being rewarded — receiving inheritance from a long-lost relative, winning a contest you’ve never entered, or getting a refund for something you didn’t purchase.

    Whether they’re playing good cop or bad cop, there will often be a sense of urgency to phishing requests. To encourage action without thinking, phishers will often give tight deadlines.

    No matter the tactic, here are some ways to tell if the messages you receive are actually phishing attempts.

    Phishing messages can be impersonal, addressing you as Sir or Madame instead of using your name.

    They’re more likely to have spelling and grammar mistakes or unprofessional graphics than legitimate organizations.

    They’ll also come from a domain unrelated to the company they’re pretending to be from. So double check the address when you receive an email by hovering over it with your mouse.

    Unfortunately, there are fewer clues when it comes to smishing. The best way to determine is a text is fraudulent is just to ask yourself — would this organization be texting me and asking me to take action?

    In most cases, the answer is no.

    In fact, stopping and asking yourself that question is a great way to protect yourself from all forms of phishing.

    If you’re still not sure, get in touch with the organization by using the contact information on their official website. If there’s really a problem, they’ll let you know.

    Legitimate organizations don’t usually ask you to verify or provide confidential information in an unsolicited email or text.

    Phishing scams are on the rise — but follow these tips and you’ll be sure not to take the bait.

Date modified: