Phishing scams, where fraudsters trick users into providing them with sensitive information, are one of the most common online threats. Here, some ways you can avoid becoming a victim.
You’re scanning through your inbox and see an authentic-looking email from your bank — right down to the logo. It says they’re verifying your online banking information, and so they ask you to click on a link and type in your credentials.
Sounds legitimate, no?
Unfortunately, this is a case of a “phishing” scam, a malicious attempt by a person (or program) to “lure” you into giving out personal info, such as banking info, a credit card number or social security number — with the intent to steal your identity for financial gain.
Here are some suggestions to avoid being taken by these scams.
1. If you get an email, text message or pop-up message that asks for personal or financial information, don’t reply and don’t click on the link in the email. Your bank, financial institution or credible online payment service (such as PayPal) will never ask for sensitive information via email. When in doubt, call your bank or credit card company.
2. Anti-malware software (which includes virus detection), a computer firewall and web browser with an anti-phishing feature can all help act as an extra line of defence from some of these malicious phishers.
3. Look at the link in your email. You’ll notice the URL it wants you to click on isn’t an official site (e.g., td.com); instead, it’s something else (like tdbank100.cc).
4. To stay ahead of these scams, it’s important to know what these phishing emails and text messages look like. They often indicate a sense of urgency so it’s important to look at the language used (“We need you to confirm your information right away to avoid any problems,” etc.). You may also spot spelling and grammatical mistakes as these phishing attempts are usually generated in non-English countries (but not always).
5. Stick with reputable retailers when giving out financial information, like your credit card, and always be sure to look for indicators that the site is secure, such as a little lock icon on the browser’s status bar or a URL for a website that begins with “https:” (the “s” stands for “secure”).
6. Whenever you sign up for something online, try to use a secondary email account — such as a free webmail address from Gmail, Yahoo or Outlook.com — and not your main email address at work or from your ISP (e.g., Rogers). That way you can better manage the “spam” (and resulting phishing scams) you might expect from registering online for gaming, shopping and social networks.
A version of this story was originally published on Feb. 6, 2018