Phishing scams – or email trolling for personal information and credentials – have soared in recent years. The US-CERT (Computer Emergency Readiness Team) warned about them during the holiday season, and security analysts expect continued attacks in 2015.

When cyber criminals conduct phishing scams, they lure victims into a false sense of security by showcasing trusted logos of established firms. A common phishing scam begins with a fraudster sending out thousands of emails claiming to be from a high-profile service provider. The email will usually ask a recipient to provide personal information to verify information that was previously provided for creating an online account.

Scammers may supplement the email with one of the following tactics to maximize chances of response:

Urgent action required: Many fraudsters create emails that warn the recipient that failure to respond will result in the termination of his/her online account. Some emails may claim that suspicious activity was detected in the account or a new privacy program is being implemented, which requires quick approval.

Legit-looking URLs: An email might include a URL that appears to point to a legitimate site where the recipient can enter information. In reality, the third-party website is malicious and the entered data goes to a remote server owned/controlled by the hacker. In some cases, clicking the URL will lead the user to select pages of a legitimate website, such as an actual privacy policy page, to increase chances of information submission.

From company employees: The text of the message or the subject line might include real-world names of people who actually work in the company. That way, if recipients are contacted to confirm whether an employee is truly associated with a particular department of the company, they are likely to feel assured and respond.

Protecting yourself against phishing scams

While the best way to protect yourself from phony emails is to increase your knowledge about detecting malicious URLs and how legitimate companies may or may not communicate, following these simple steps can greatly increase your ability to avoid being a victim of phishing scams:

  1. Use link verification tools

One way to determine the legitimacy of URLs is to hover the mouse over them and see where they redirect to. However, some emails may include links that have been shortened with a URL shortening service such as bit.ly, so hovering won’t help. In such instances, you can copy and paste the link into a URL verification tool like getlinkinfo.com: this is a website that follows the link for you and showcases all the redirects. With this kind of tool, you can confirm that yes, this email is really from your bank and not an attempt to steal your banking credentials. If the results return a long list of URLs, your suspect meter should be on the higher side, since the link will make you bounce around multiple sites before you access a legitimate site. While in some cases the redirects are marketing-related, others will be malicious.
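The redirect-following check described above can be reproduced locally. The Python below is an added example, not code from the original article and not how getlinkinfo.com is implemented: it follows one Location header at a time, records every hop, and reports whether the final host is the one you expected. The function names, the three-hop threshold and all `.example` hostnames are assumptions made for illustration.

```python
import http.client
from urllib.parse import urljoin, urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}

def head_fetch(url):
    """Send one HEAD request without following redirects; return (status, Location)."""
    parts = urlsplit(url)
    https = parts.scheme == "https"
    conn = (http.client.HTTPSConnection if https else http.client.HTTPConnection)(parts.netloc, timeout=10)
    try:
        conn.request("HEAD", (parts.path or "/") + ("?" + parts.query if parts.query else ""))
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def trace_redirects(url, fetch=head_fetch, max_hops=10):
    """Return every URL visited, following each Location header one hop at a time."""
    chain = [url]
    while len(chain) <= max_hops:
        status, location = fetch(chain[-1])
        if status not in REDIRECT_CODES or not location:
            break
        nxt = urljoin(chain[-1], location)   # Location may be a relative path
        seen = nxt in chain                  # a repeated URL means a redirect loop
        chain.append(nxt)
        if seen:
            break
    return chain

def assess(chain, expected_host, long_chain=3):
    """Flag the two signals the article names: many hops, and an unexpected final host."""
    hosts = [urlsplit(u).hostname or "" for u in chain]
    final = hosts[-1]
    return {
        "final_host": final,
        "hops": len(chain) - 1,
        "distinct_hosts": len(set(hosts)),
        "long_chain": len(chain) - 1 >= long_chain,   # threshold is an assumption
        # Match the host itself or a true subdomain; "bank.example.evil.example" fails.
        "lands_on_expected": final == expected_host or final.endswith("." + expected_host),
    }

# Constructed sample responses (made-up hosts) standing in for a shortened link in an email.
SAMPLE = {
    "https://short.example/abc": (301, "https://tracker.example/r?id=1"),
    "https://tracker.example/r?id=1": (302, "https://bank.example.login-verify.example/signin"),
    "https://bank.example.login-verify.example/signin": (200, None),
}
```

Calling `trace_redirects(url)` with the default `head_fetch` queries the live link; passing `fetch=SAMPLE.__getitem__` replays the constructed chain offline, where the final host only looks like the bank's name and `lands_on_expected` comes back false.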

  2. Bump up your security

Personal firewalls and internet security software with phishing detection and prevention capabilities are a must-have for those who receive emails to conduct online financial transactions. According to Trend Micro, the latest web security solutions include features to prevent identity theft by blocking phishing attempts, and some programs even enable safer surfing through a secure browser.

  3. Read monthly statements

Don’t skip reading your monthly account statements. Read them as soon as you receive them to make sure all transactions shown are the ones that were actually authorized by you, and check to see if there are any transactions that you aren’t aware of. Make sure the company has your contact information, including your email and mailing address.