Most people are familiar with phishing scams, email messages that pretend to be legitimate but instead infect your computer or harvest your passwords. Some phishing scams are easy to avoid thanks to obvious grammatical errors or other red flags. Others, however, are so accurate they can even fool the experts.
Phishing scams can originate from phony senders, or they can come from hijacked accounts. Internet providers try to block phony senders from their servers, but as you probably already know, the scams slip through. You can use your email’s Junk option to mark such messages as spam. This trains your spam filter to recognize similar messages. Don’t bother trying to unsubscribe, as that will only confirm your email address to the scammers.
Hijacked accounts are a bit trickier, because password harvesting is a vicious cycle. Someone’s account gets hijacked, and the hacker sends emails to that person’s contacts. You receive a message that looks like it’s from a legitimate source, because it is, except the message is a scam. If you click a link in the message, your account is hijacked too, and your contacts will be spammed in turn. And on it goes.
You can help to stop the cycle by avoiding links and attachments in email and by protecting your accounts. Be suspicious of all attachments and messages with links, even if they’re from people you know. Remember, scammers have perfected the art of mimicking the look and feel of email notifications from sites such as Apple, Facebook and many banks.
Let’s say your bank emails you a message about your account. Don’t click the link; type the bank’s site address into your web browser and log in that way instead. It may take a few more clicks, but those clicks are your protection against what might be a malicious link trying to steal your banking credentials.
Or, say someone sends you a link to a file on Google Drive or Dropbox. Instead of clicking the link, type the site’s address into your browser, log in and navigate to your shared files.
Protect your online accounts by using strong passwords that have never been used for any other site or account. If you re-use passwords, a hijacker who steals one of them will gain access not just to one account, but to every account that shares it. You can use a password manager to help you create strong, unique passwords. Password managers aren’t foolproof (they can be hacked like anything else), but they offer an additional measure of protection.
Two-factor authentication adds an extra layer of security by requiring a second method of confirmation, usually a code texted to your phone or provided via a secure app. The theory is that if your password is stolen, a would-be hijacker would not have the second token necessary to log in. While two-factor authentication is not perfect and can be circumvented, it’s better than passwords alone.
You can find additional information on how to avoid phishing scams on the FTC.gov site.
• Triona Guidry is a freelance writer and computer specialist. Her Tech Tips blog, www.guidryconsulting.com/techtips, offers tech support advice for Windows and Mac.