What is Phishing? Phishing attacks use email or malicious websites to infect your machine with malware and viruses to collect personal and financial information. Cybercriminals attempt to lure users to click on a link or open an attachment that infects their computer with viruses or malware, creating vulnerability to attacks. Phishing emails may appear to come from a real financial institution, e-commerce site, government agency, or any other service, business, or individual. The email may also request personal information like account numbers, passwords, or Social Security numbers. When users respond with the information or click on a link, attackers use it to access their accounts.
- When in doubt, throw it out: Links in email and online posts are often the way cybercriminals compromise your computer. If it looks suspicious even if you know the source –it’s best to delete or, if appropriate, mark it as “junk email.” Contact the company directly (via phone) to be sure the email is not legitimate.
- Think before you act: Be wary of communications that implore you to act immediately, offer something that sounds too good to be true, or ask for personal information. Use stronger authentication: Always opt to enable stronger authentication when available, especially for accounts with sensitive information including your email or bank accounts. A stronger authentication helps verify a user has authorized access to an online account. For example, it could be a one-time PIN texted to a mobile device, providing an added layer of security beyond the password and username. Visit www.lockdownyourlogin.com for more information on stronger authentication.
- Make passwords long and strong: Combine capital and lowercase letters with numbers and symbols to create a more secure password.
- Install and update anti-virus software. Make sure all of your computers are equipped with regularly updated antivirus software, firewalls, email filters, and anti-spyware.
- Be wary of hyperlinks: Avoid clicking on hyperlinks in emails; type the URL directly into the address bar instead. If you choose to click on a link, ensure it is authentic before clicking on it. You can check a hyperlinked word or URL by hovering the cursor over it to reveal the full address.