Tips to protect yourself from phishing
Have you ever received an email that looks legitimate but demands personal information? Or have you ever received phone calls from companies prompting you to share financial details? Have you ever scanned a QR code that directed you to a malicious site?
If you have been in any of these situations, you have experienced phishing.
Phishing is a malicious act of communication during which the attacker impersonates legitimate companies to trick individuals into sharing personal information.
Types:
While there are numerous forms of phishing, here are some you should be aware of:
- Deceptive Phishing: This is the most common type, in which attackers use emails to impersonate legitimate companies and trick people into sharing personal information.
- Smishing: Attackers use SMS text messages to harvest personal information.
- Vishing: Also known as voice phishing, in which attackers use phone calls to impersonate legitimate entities and trick people into revealing sensitive information. This can involve live calls or pre-recorded messages.
- Quishing: A new form of phishing that uses QR codes to redirect users to malicious sites when scanned.
Something smells phishy?
Here are some common signs of phishing activity:
- Unusual Email Address: The email may appear to come from a trusted source, but the characters in the address are slightly different. For example, support@micr0soft.com instead of support@microsoft.com.
- Generic Greetings: Emails and texts that contain phrases like “Dear Customer” or “Dear User” instead of your actual name can be a red flag.
- Urgent or Threatening Language: Messages that pressure you to act quickly are common in phishing. For example, “Your account will be locked in 24 hours!”
- Unexpected Attachments or Links: Receiving attachments or links that you weren’t expecting, especially with odd file types (.exe, .scr, .zip), should be treated with caution.
- Mismatched URLs: Hovering over a link shows a different URL than what’s displayed. For example, the link text reads www.bank.com but the actual link goes to www.fakebank-login.com.
- Requests for Sensitive Information: Emails or SMS messages that request personal information. Legitimate organizations will never ask for passwords, Social Security numbers, or banking details via email or text.
- Spelling and Grammar Errors: Many phishing emails contain awkward phrasing, typographical errors, or poor grammar.
- Too Good to Be True Offers: Emails or calls promising large sums of money, prizes, or job offers that seem too good to be true usually are.
- Unusual Time of Contact: Receiving emails or messages at odd hours, especially from internal contacts, can be suspicious.
- Spoofed Logos and Branding: While the email may look official, slight inconsistencies in logos, formatting, or branding can be treated as red flags.
How to protect yourself from phishing?
- Verify the sender’s identity before sharing any sensitive information.
- Regularly review your bank and credit card statements for unauthorized transactions. Report any suspicious activity immediately.
- Stop and Think Before You Click the Link: Don’t click on suspicious links, download unknown attachments, or trust unexpected requests for money or personal information. Be skeptical.
- When in doubt, delete communications or hang up calls to protect yourself from phishing attacks.