Five Tips for Keeping Phishing and Spoofing Scams From Messing Up Your Life
Several of my clients recently received emails supposedly coming from vendors we are currently using. These emails came from web hosting companies and WordPress plugin developers. Another client received daily email messages containing threats of losing data if a hefty fee was not paid via Bitcoin. CNBC recently reported a phishing scam related to direct deposit of paychecks. Most of these emails looked legitimate with the proper logo, contact info, etc.
Unfortunately, all of these emails were phishing or spoofing scams. These scam emails encourage you to click on a link, download an attachment or update your password through the provided links. Once you do, the action triggers an event meant to steal your personal data, access financial account information, hack your database of contacts or spread a virus on your computer system. Such an attack can get very messy, time-consuming and expensive to correct.
If you receive an email that looks reputable, but you are not expecting it or have reason to doubt its authenticity, be very cautious before clicking on any links or downloading/opening any attachments. Instead, use these tips to find out if the email is legitimate:
- Do NOT click on the website address provided in the questionable email. Do NOT click on any links provided in the email. These cold be fake and may result in problems for your computer.
Instead, type the name of the sender’s website directly into your Internet browser. If you don’t know the exact website address, type the company name into your browser’s search field. Once you find the official website, login into your account, and check for notifications or updates that require your attention. If you don’t see any information matching the questionable email, the email you received is likely a scam. Delete it immediately.
- If you feel unsure how to login into your account via the Internet, call the company’s customer service department to ask if they sent the email. Use the phone number from an old statement or invoice to reach customer service. Do not call any phone numbers provided in the suspicious email.
- Never click on attachments when you’re not expecting the email. If you receive such an email, send a separate email asking if the person really did send an attachment. Do NOT hit reply to the questionable email. Instead, open up a new email message, add the person’s email address, then write a message asking ask if the person sent you an email with an attachment.
- Avoid losing valuable data by backing up your documents and media files. I recommend using online backup software, such as iDrive, PC Magazine’s best pick for the year. Online backup software differs from cloud storage by fully backing up all of your data, including system files. Ideally, use both online backup software and the cloud to store data. Learn more about cloud storage in our blog post.
- If you also keep a copy of your data on a local drive, as soon as you finish backing up the data, disconnect the backup device from the computer. Do NOT leave the device connected to the computer. A scammer who is trying to hold your data hostage can access the data on these devices, too, but only if they’re connected to the computer.