Phishing

Quick Facts

Phishing is a scam where internet fraudsters send fraudulent emails, pop-ups, phone calls and text messages to lure personal and financial information from unsuspecting victims. To avoid getting hooked:

• Don’t reply to email or pop-up messages that ask for personal or financial information, and don’t click on links in the message. Don’t cut and paste a link from the message into your Web browser — phishers can make links look like they go one place, but that actually send you to a different site.
• Some scammers send an email that appears to be from a legitimate business and ask you to call a phone number to update your account or access a “refund.” Because they use Voice over Internet Protocol technology, the area code you call does not reflect where the scammers really are. If you need to reach an organization you do business with, call the number on your financial statements or on the back of your credit card.
• Don’t email personal or financial information.
• Review credit card and bank account statements as soon as you receive them to check for unauthorized charges.
• Be cautious about opening any attachment or downloading any files from emails you receive, regardless of who sent them.
• If you think you are the victim of a scam, visit the Federal Trade Commission’s identity theft website at https://reportfraud.ftc.gov/

Spear Phishing

Targeted attempt to gather personal information

Spear phishing is a very focused form of phishing in which a specific organization or business is targeted, with tailored information being used to lend legitimacy and encourage trust.

Spear phishing often involves sending mails to addresses within a company, posing as someone who could be expected to contact that company and requesting information they may normally be expected to request. Such attacks are often used simply to harvest names and addresses of company members, for spamming or further spear-phishing motives, but may also be combined with other social engineering techniques to trick recipients into installing malware.

Always verify the identity of the person you are communicating with over electronic communication channels. Consider establishing non-electronic verification for sensitive operations like sending or receiving money.