Phishing email messages, websites, and phone calls are designed to steal information and money. Cybercriminals can do this by installing malicious software on your computer or stealing personal information off of your computer.
Cybercriminals also use social engineering to convince you to install malicious software or hand over your personal information under false pretenses. They might email you, call you on the phone, or convince you to download something off of a website.
What does a phishing email message look like?
- Spelling and bad grammar. Cybercriminals are not known for their grammar and spelling. Professional companies or organizations usually have a communications specialist that will review emails for spelling and grammar. If you notice grammar mistakes in an email, it might be a scam.
- Beware of links in email. If you see a link in a suspicious email message, don’t click on it. Rest/hover your mouse (but don’t click) on the link to see if the address matches the link that was typed in the message. In the example below the link reveals the real web address, as shown in the box. The string of cryptic numbers looks nothing like the company’s web address. Links might also lead you to .exe files. These kinds of file are known to spread malicious software.
- Threats. Have you ever received a threat that your account would be closed if you didn’t respond to an email message? Cybercriminals often use threats that your security has been compromised.
- Spoofing popular websites or companies. Scam artists use graphics in email that appear to be connected to legitimate websites but actually take you to phony scam sites or legitimate-looking pop-up windows. Cybercriminals also use web addresses that resemble the names of well-known companies but are slightly altered.
Beware of phishing phone calls
Cybercriminals might call you on the phone and offer to help solve your computer problems or sell you a software license. Once they’ve gained your trust, cybercriminals might ask for your user name and password or ask you to go to a website to install software that will let them access your computer to fix it. Once you do this, your computer and your personal information is vulnerable.
Treat all unsolicited phone calls with skepticism. Do not provide any personal information.
Report phishing scams
If you receive a fake phone call, take down the caller’s information and report it to the HelpDesk.
DO NOT respond, DO NOT open any attachments, and DO NOT click any links in emails.
If at work, forward the email to firstname.lastname@example.org. If you have questions, call the Help Desk at 77777 or 1-888-838-3777 for further guidance.
If at home, delete the email immediately. You may need to run your anti-malware program again to check that nothing was downloaded to your home computer. Always keep your anti-malware up to date.
For more information, please click on this link: https://www.microsoft.com/security/online-privacy/phishing-symptoms.aspx.