
Don’t Be Fooled by a Phish

Picture this: You’re cozied up on the couch after a long day, casually checking email while your favorite TV show runs in the background. As you’re scrolling, you come across one that seems pretty urgent. The email appears to be from your bank, and it says that you need to update your account for security purposes.

But wait just one second, don’t click the link! That could be a phishing email. Before you proceed, ask yourself a few questions.

Is this email actually from your bank?
Don’t just check the name of the company or person that sent you the email. Check the ‘from’ email address and look closely for alterations like additional characters, numbers used as letters or letters combined to look like other letters. For example, support@trusttedbank.com includes an extra ‘t’ in ‘Trusted’. If there is anything that looks strange about the address, it’s most likely a phishing email. Mark it as spam.

Is that link really sending you to your bank’s official website?
Scammers can edit the phishing link to appear to go to your bank’s legitimate site. However, that link could actually lead to a website that looks identical to your bank’s but is built and managed by the scammer. Here’s how to check:

If you are on a desktop computer or laptop, hover over the link with your mouse. You will find the full address of the link either near the link itself or somewhere on the edges of your browser window, depending on what web browser you are using. 

If you are using your smartphone or tablet, hold your finger down on the link until a window pops up showing the full address of the link. Tap away from the window to close the preview.

Look closely at the full link. This will help you decide if the link leads to a malicious website. Check again for alterations. If you are not confident that it is legitimate, it’s probably a phishing email. Mark it as spam.
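For readers who filter mail or review links in bulk, the same check on the ‘from’ address and on the full link can be automated. This is an added example, not part of the original article: it assumes trustedbank.com is the bank's real domain (inferred from the misspelled example above), and the substitution list and function names are illustrative.

```python
from urllib.parse import urlsplit

# Assumption: the bank's real domain, inferred from the article's example.
TRUSTED = {"trustedbank.com"}
# Digits used as letters, and letter pairs that imitate a single letter.
LOOKALIKES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")]

def domain_of(value: str) -> str:
    """Host of a full link, or the part after '@' in a bare email address."""
    if "://" in value:
        return (urlsplit(value).hostname or "").lower()
    return value.rsplit("@", 1)[-1].strip().lower()

def normalize(domain: str) -> str:
    """Undo common character substitutions so disguised names compare equal."""
    for fake, real in LOOKALIKES:
        domain = domain.replace(fake, real)
    return domain

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character inserts, deletes and swaps."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check(value: str) -> str:
    """Classify a sender address or link against the trusted domains."""
    domain = domain_of(value)
    if domain in TRUSTED or any(domain.endswith("." + t) for t in TRUSTED):
        return "trusted"
    for t in TRUSTED:
        if normalize(domain) == normalize(t):
            return "lookalike: substituted characters"
        if edit_distance(domain, t) <= 2:
            return "lookalike: added or changed characters"
    return "unknown"

if __name__ == "__main__":
    # Constructed samples; the first is the address quoted in the article.
    for sample in ("support@trusttedbank.com", "support@trust3dbank.com",
                   "https://www.trustedbank.com/login", "news@example.org"):
        print(f"{sample:40} {check(sample)}")
```

A result of "unknown" only means the domain is not close to a trusted one; it does not mean the message is safe.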

Are there grammatical errors and typos?
Credible organizations take care to send accurate emails free of typos. Sure, an honest typo could happen on occasion, but if mistakes are rampant throughout the email, it’s probably a phishing email. You guessed it, mark it as spam.

But I clicked the link, now what?
At this point, you may be thinking, “That’s all fine and dandy, but I clicked on the phishing link and entered my information.” It’s okay, it can happen to the best of us. There are a few actions you can take to move forward and secure your account:

  1. Go to the legitimate website, reset the password on your compromised account and enable two-factor authentication right away. If you are using that password for other accounts, change those too.
  2. Forward the suspected phishing email to reportphishing@apwg.org, where the Anti-Phishing Working Group will collect, analyze and share information to prevent future fraud.
  3. You’ve probably heard this one before: mark it as spam.
  4. Run a full system scan using antivirus software to check if your device was infected when you clicked the link. If you find viruses, follow these steps on your device. If you still can’t remove the virus, contact a reputable computer repair shop in your area.

Phishing emails are designed to compromise your account and personal information. As time goes on, phishing becomes more sophisticated and targeted, so it’s important to stay vigilant.