(ABC4) – Chances are, if you own a telephone or a computer, you’ve been at the receiving end of a scam attempt.
October is Cybersecurity Awareness Month and The Utah Department of Public Safety (DPS) is reminding the public to watch out for common phishing and spoofing tactics, especially as they become smarter and more sophisticated.
Phishing attacks arrive through email or malicious websites that infect your device with malware and viruses when clicked on. Attackers are hoping to collect personal and financial information.
What to watch out for:
Typically, phishing emails may appear to be from your bank or financial institution, government agencies, e-commerce/shopping sites, and other similar services/businesses. The email will request personal information such as account numbers, passwords, or Social Security numbers. If you click on the link to verify that information, it opens the door for attackers to access your accounts.
The Federal Trade Commission’s OnGuardOnline has provided popular examples of what attackers may email or text when phishing for sensitive information:
• “We suspect an unauthorized transaction on your account. To ensure that your account is not compromised, please click the link below, and confirm your identity.”
• “During our regular verification of accounts, we couldn’t verify your information. Please click here to update and verify your information.”
• “Our records indicate that your account was overcharged. You must call us within 7 days to receive your refund.”
Spoofing attacks involve disguising their identity, pretending to be a trusted source. Attackers will use email addresses, sender names, phone numbers, or website URLs that look familiar. But if you look closely, you’ll notice the names are misspelled by one letter or symbol. This is a huge red flag to watch out for. These sources will often ask you to download software, send money, or disclose personal, financial, or other sensitive information.
How to avoid getting scammed:
- If you’re unsure who the email is from or have any doubts, do not click on any links or download any attachments. Be cautious of generic greetings such as “Hello Bank Customer.” It’s always best to call the institution directly to confirm the email.
- Watch out for any request that seems urgent. Typically, spammers will create a sense of urgency, creating fear that your account or information may be in jeopardy.
- Be cautious of hyperlinks — hover over the link to see the true URL and make sure it begins with “https.” The “s” indicates encryption is enabled to protect users’ information.
- Set up extra login protection protocols such as multi-factor authentication. This provides an extra layer of protection against spammers. Use this for email, banking, social media, or any other service that requires logging in.
- Create complex and varied passwords to ensure hacking remains difficult. Utilizing longer passwords with numbers and special characters is best. This way, in the event of a breach, you won’t be fully compromised if all your passwords are different.
- Protect your personal information by ensuring your job title, email addresses, and full name are not easily accessible on the internet.
- Install and update anti-virus software, ensuring all electronic devices with internet access are fully protected.
To report phishing or spoofing attempts, click here.
To find out more information about safeguarding your information, click here.