Understanding and Avoiding Phishing Scams
Phishing is the deceptive practice of sending misleading emails to trick recipients into revealing sensitive information, such as account credentials. Alarmingly, three out of four data breaches begin with a recipient clicking a link in a phishing email.
For instance, you might receive an email that appears to be from amazon.com, claiming a payment was declined on a recent purchase. The email may look authentic, complete with a logo and design similar to genuine Amazon emails. However, upon closer inspection, you may notice red flags.
Not all email applications display the same information for incoming emails. If possible, check the "From" address carefully. Does it match the claimed sender? For example, is the email from amason.com instead of amazon.com? (Note the subtle misspelling.) Additionally, you can hover over — but do not click — any links in the email. Many email applications will display the actual URL, which often reveals a suspicious or unexpected address.
The phishing scheme succeeds when someone clicks a fraudulent link and enters their login credentials. This gives the attacker unrestricted access to the compromised account. This could involve your Amazon account, bank account, DMV records, tax information, or other sensitive data.
The correct response to a suspected phishing email is simple: delete it immediately. Be sure to empty your trash folder periodically as well. If you're uncertain about the email's legitimacy, open your browser and manually type the website's URL to access your account directly.
Do not click links in emails.
We have a downloadable document with screenshots to help you visually identify a phishing email. Get it Here.