You have probably heard about someone who clicked on a bad link or opened a nasty attachment in an email. You may also have heard of someone who received a letter in the mail or got a phone call offering some fantastic, "too good to miss" deal, only to be "taken to the cleaners." In this article, our IT Security team offers some guidelines and quick tips to help us avoid scammers and other bad actors.
The good news is, you already possess the best defense to ensure you are not taken advantage of or scammed. Regardless of the medium, a healthy dose of skepticism goes a long way! If something looks or sounds too good to be true, you can bet it probably is. If you get an email telling you to immediately "click here" for a free pile of money, a free iPhone, etc., you need to pay special attention. When someone asks you for login credentials or personal information, your "scam radar" should be on full alert.
If you have an account with an organization, it is highly doubtful they will request additional personal information through an email message. If you are unsure, use a secondary method to validate that whoever is contacting you is official.
If you receive an email and you think there may be a valid reason for you to interact, asking a few key questions will help keep you safe. Before you click any links, read the email very carefully:
- Are the spelling and grammar correct?
- Does the message come from a person you know?
- Is the email address in the same format as other confirmed messages you have received from this organization in the past?
- When you hover over the links in the email, do you recognize the URL address?
If a message tells you to log into your account, you are much safer to go directly to the website by typing the known address into your browser or by using one of your bookmarks/favorites. Bad actors often purchase domain names that are very close to reputable names (think google.com versus goggle.com). Without careful reading, it is easy to be fooled.
While email is a common method of phishing for information, bad actors use many other methods. Tax season is an especially risky time of year. Scammers will send out paper mail attempting to get you to send them tax information. They will pose as a government entity and use language to make it look as though you have issues with your taxes. Do not automatically call the number provided in a letter; use the internet to check for official phone numbers of an organization. And call the IRS if you have questions.
Phone calls are another popular method of phishing for information. Scammers will call and try to acquire personal information, such as passwords, credit card numbers, or Social Security numbers. Our IT department, Microsoft, Google, and other reputable organizations will never call you and ask for your passwords. Similarly, banks and government agencies will never call you and ask for credit card or Social Security information.
Remember: if it sounds too good to be true, most likely it is not true. Skepticism and critical thinking are your best defenses. So, stay safe and secure with your work and personal information!