Detecting a Phishing Scam
BE AWARE: Phishing is on the rise at BYU-Idaho. Therefore, it is vitally important that you familiarize yourself with the signs of phishing so that you can be prepared to spot and avoid it when/if a phishing message lands in your inbox.
Phishing is a scam in which an email is sent claiming to be from a legitimate source. These emails ask for personal information (card numbers, Social Security numbers, etc), which, if given, can be used by cybercriminals to access your bank accounts and wreak financial havoc. These used to be computer-specific threats, but the rise of smartphones, tablets, and mobile applications has brought this threat to mobile users as well. In fact, some say that mobile users are three times more likely to be victimized by a phishing scam than standard computer users.
Keep an eye out for these signs of phishing:
- Be wary of any email that claims your information has been compromised, or that demands you respond to the sender with personal information such as your bank information or Social Security number. No legitimate source will ask for this information via email. In fact, most legitimate sources will not ask for it at all.
- If an email offer seems “too good to be true,” chances are it is. Ignore emails that offer extravagant prizes for seemingly no reason, tell you you’ve won a contest you never entered, or that claim to be offering you large sums of money. These are always scams.
- Be wary of any emails that come from unfamiliar addresses! If you don’t recognize the entity sending you the email, chances are the email (and what’s hiding within it) are things you could gladly live without.
- Keep an eye out for spelling or grammar mistakes. For example, an email might claim to be from eBay and refer to you as a “costumer” instead of a “customer.” Real emails from legitimate companies will not have errors such as these.
- Phishing emails will often tell you that “direct action” is required on an account, and to “click this link” to perform that action. Chances are good that this is false, and in any case, you should never click links offered to you like this. If you’re worried that the email might be legitimate, log into the account in question, verify the legitimacy of the email, and (if needed) perform the requested actions directly from that account.