How to Recognize Phishing
Scammers use email or text messages to try to steal your passwords, account numbers, or Social Security numbers. If they get that information, they could get access to your email, bank, or other accounts. Or they could sell your information to other scammers. Scammers launch thousands of phishing attacks like these every day – and they’re often successful. Scammers often update their tactics to keep up with the latest news or trends, but here are some common tactics used in phishing emails or text messages:
The scammers often tell a story to trick you into clicking on a link or opening an attachment. They are usually unexpected messages that look like they are from a company you know and trust, like BTC! The story is usually saying they notice suspicious activity, there is a problem with your account, or there is a new offer and request you to click a link or open an attachment.
Here’s a real-world example of a phishing email that many BTC customers received:
At first glance, it looks real. But look at the header, look at the email address, and read the caption. The header uses strange language and incorrectly states our company motto. The email address is not a corporate address, which is another sign that this is a phishing email. All phishing emails have signs that they are not from the company, so we must be very careful before responding to these types of emails.
How to Protect Yourself from A Phishing Attack
Email spam filters might keep many phishing emails out of your inbox. But scammers are always trying to outsmart spam filters, so extra layers of protection can help. Here are four ways to protect yourself from phishing attacks.
- Protect your computer by using security software. Set the software to update automatically, so it can deal with any new security threats.
- Protect your cell phone by setting software to update automatically. These updates could give you critical protection against security threats.
- Protect your accounts by using multi-factor authentication (MFA). MFA makes it harder for scammers to log in to your accounts if they do get your username and password.
- Protect your data by backing it up. Back up the data on your computer to an external hard drive or in the cloud. Back up the data on your phone, too.
What To Do If You Suspect A Phishing Attack
If you get an email or a text message that asks you to click on a link or open an attachment, answer the following question: Do I have an account with the company or know the person who contacted me? If the answer is “No”, we recommend that you review the email closely and delete it. If the answer is “Yes”, contact the company using a phone number or website you know is real – not the information in the email. Attachments and links might install harmful malware.
What To Do if You Responded to a Phishing Email
If you think a scammer has your information, like your Social Security, credit card, or bank account number, go to IdentityTheft.gov. There you will see the specific steps to take based on the information that you lost. We recommend that you change all passwords for all log-ins. If you think you clicked on a link or opened an attachment that downloaded harmful software, update your computer’s security software. Then run a scan and remove anything it identifies as a problem, plus change your passwords.
How To Report Phishing
If you get a phishing email or text message, report it. The information you provide helps fight scammers.
- If you receive a phishing email, forward it to the Anti-Phishing Working Group at reportphishing@apwg.org.
- If you receive a phishing text message, forward it to SPAM (7726).
- Report the phishing attempt to the FTC at ReportFraud.ftc.gov.