Let's say you receive an email that looks to be from your financial institution and says, "Please update your bank information or your account will be terminated." You might click the link or download an attachment without ever analyzing if the threat is real. Unfortunately, that wasn’t from your bank. And you just got hacked.
Hacking may feel like the kind of catastrophe that happens to other people, not you. The simple reality is that email phishing — attacks that cast a wide net in the hopes of catching unwary “fish” — is on the rise in a big way. You have to be careful, especially when it comes to revealing your personal and financial information.
Fortunately, there are some red flags that make it easier to sniff out a suspicious email as soon as it hits your inbox. If a message does look suspicious:
- Don't download suspicious attachments (just don’t).
- Don't reply to the email.
- Don't release any sensitive personal or business information.
- Call the sender directly and ask them how to proceed.
- For financial institutions, you can log into the online banking portal and check for important messages.
Good rule of thumb: if you are ever in doubt, contact the sender via phone or their website — don’t respond to the suspicious message directly.
How to spot a phishing scam
Kasasa’s own Cyber Security Analyst Jason Witmer has identified four common phishing techniques:
- Assumed authority or name-dropping
Hackers will do their best to use names of people you know and respect (e.g. the name of the institution’s CEO) to lend credibility to whatever they're asking you to do. Beware of emails that contain an unusual request from someone you would normally trust, especially when they are combined with the next strategy.
- False sense of urgency
This strategy preys on the human tendency to panic and respond without thinking through the possible consequences. You can use urgency as a red flag: if an email compels you to take immediate action with sensitive personal or business information, take a minute to process the situation and look for a way to verify the request, such as calling the sender directly.
- Flattery or intimidation
These may seem like opposites, but they are two sides of the same coin: stimulating an emotional response based on your ego. Receiving a notification that you've been randomly selected to win a free iPad makes you feel special, and exclusivity is an extremely effective manipulation tool. Alternatively, the hacker may attempt to bully you into taking immediate action. Be wary of email requests that make you feel exclusive without good reason, or that try to intimidate you into action.
- Stimulate curiosity
This strategy may be the strongest of all. Smart people have been tricked into opening malicious attachments because they couldn't resist the urge to uncover the information waiting on the other side of an email. As human beings, we instinctively seek to satisfy curiosity — sometimes it’s worthwhile to resist the urge.
Although anti-virus software and firewalls can help reduce the number of attacks that you see from day to day, hackers are constantly looking for new ways to exploit people who aren’t on the alert. By thinking skeptically and taking precautionary measures, you can lessen the chance of falling prey to a hacker’s schemes.