October 27, 2021 • 7 min
Article Contents
Phishing is when a fraudster pretends to be a reputable person or company and steals personal information to be used for financial crimes or identity theft. Phishing happens on social media, via email, over the phone, and in pop-ups and search engine results.
This classic scam illustrates how phishing works.
Besides email, phishing can happen via cold calls, pop-ups, search results and social media.
This classic cold call phishing scam happens when “tech support” calls and claims to be from a reputable company (like Microsoft or Norton) and states that your computer has a problem. The criminal will then ask you to install software on your computer, or to give them remote access to your computer.
If you install the software or give the caller remote access, you’re giving thieves access to steal your money and personal information. Sometimes, these scammers will even ask for a fee to fix the issue.
When browsing the internet, you might see pop-ups that tell you there’s something wrong with your computer, or that offer to “fix” or “scan” your computer. Often, you will see these when you’re searching for a related problem – for example, a pop-up that claims to have found a virus on your computer appears when you search for information about viruses.
Sometimes, the pop-ups will look like they come from a legitimate source, such as Microsoft or Norton. If you click the pop-up, provide personal information, or download software, you may end up being phished.
Examine the message closely — look for obvious signs of fraud such as poor spelling, unprofessional imagery, and bad grammar. If there’s a phone number listed in the pop-up, you can also do an internet search for that number to verify its legitimacy. In general, it’s a good idea to steer clear of pop-ups!
Fraudsters frequently use paid search results to advertise “support services”, cheap products, employment opportunities or amazing deals. Beware of the following when you’re looking at search results:
From Facebook to LinkedIn, social media is full of phishing attacks.
For example, a friend’s Twitter account that has been compromised might send you a direct message with a fake link to connect with them on LinkedIn. This link would direct you to a phishing site that looks like the LinkedIn login page, but is really a phishing site designed to steal your LinkedIn credentials.
For example, the Twitter handle @Amazon_Help might be used to impersonate the real support account @AmazonHelp. To make sure you’re using real customer support accounts, begin your search for help at the company’s official website.
There’s many phishing scams out there, but you can protect yourself from them online if you remember the five RIVER practices: Refuse, Ignore, Verify, Exercise and Review.
Refuse – Refuse to download software or provide remote access if there are phone calls about your computer asking for remote access – hang up, even if they mention a well-known company such as Microsoft.
Ignore – Ignore suspicious text messages, close pop-up windows, and avoid clicking on links or attachments in emails from people you don’t know – delete them instead.
Verify – Verify the identity of the contact (if you’re unsure about a message) through an independent source such as an online search, or call them at a known number. Don’t use the contact details provided in the message sent to you!
Exercise – Exercise caution when shopping online. Beware of offers that seem too good to be true, and always use an online shopping service that you know and trust. Think twice before using virtual currencies (like Bitcoin) or alternate payment methods (like prepaid debit cards or iTunes gift cards) — they do not have the same protections as other transaction methods.
Review – Review your privacy and security settings on social media. If you use social networking sites such as Facebook, be careful who you connect with, and learn how to use your privacy and security settings to ensure you stay safe.
If you think you’ve been phished, take these 4 steps to protect yourself.