Outsmarting Phishing

October is Cybersecurity Awareness Month, a perfect time to raise awareness about phishing attacks and how to protect yourself from these deceptive schemes. Phishing scams often disguise themselves as emails, messages, or links from a trustworthy source. Their goal? To trick you into revealing sensitive information or infecting your device with malware. Here’s a straightforward guide on recognizing, resisting, and reporting phishing attempts, inspired by insights from CISA’s Secure Our World campaign.

1. Recognize the Common Signs

Phishing attempts often employ tactics to make you act quickly and without thinking. Here are a few telltale signs:

• Urgency or Emotional Appeal: Messages that demand immediate action or evoke strong emotions are red flags. They may claim your account will be deactivated or that you've won a prize.
• Requests for Personal or Financial Information: Legitimate companies rarely ask for sensitive details through email. Be wary of any unexpected request for this kind of information.
• Unexpected Attachments or Links: Phishers often include attachments or links leading to malware or fake websites.
• Suspicious Email Addresses: Look carefully at the sender's email address, if it doesn’t match the supposed sender or contains misspellings, think twice.
• Poor Grammar and Spelling: While this has become less common, poorly written messages can still indicate phishing.
  
  
  

2. Resist and Report

If you receive a message that looks suspicious, don’t respond. Instead:

• Use the "Report Spam" Feature: Most email providers allow you to mark messages as spam, which helps prevent similar messages in the future.
• Report Directly to the Source: If the message mimics a trusted organization, contact the company directly using contact information from their official website, not the message.

3. Delete and Move On

Once you’ve reported a phishing attempt, delete the message. Do not click on any links, attachments, or even an "unsubscribe" link, as these can lead to phishing sites or confirm to scammers that your email is active. Just delete.

If a message looks suspicious, it's probably phishing.

If something about a message feels off, trust your instincts, it’s likely a phishing attempt. But if there’s a chance it’s legitimate, avoid clicking any links or calling any numbers in the message itself. Instead, try these safer ways to verify:

• Visit the Company’s Official Website: Use a search engine to find the company's verified website, or type the address directly if you know it. Get their contact details from there rather than the message.
• Reach Out Through Another Channel: If a friend or colleague sends you an unexpected message, reach them by another method to confirm. For instance, if a friend’s message on social media seems odd, and you have their number, call or text to verify they actually sent it.

Reporting Cybercrime

General

You can report various forms of cybercrime to the following agencies:

CISA: cisa.gov/report  FBI: ic3.gov

Hacked Account

Report your hacked account to the respective platform’s support team. Here’s where to turn if you have an account with one of these popular websites and you think its been hacked: 

• eBay
• Facebook
• Google
• Instagram
• Outlook
• Paypal
• Snap
• TikTok
• Twitter
• Yahoo
• YouTube

Ransomware

Contact local law enforcement, including:

• CISA: gov/forms/report
• FBI: gov/contact-us/field-offices
• U.S. Secret Service: secretservice.gov/contact/field-offices

Identity Theft

Report identity theft to:

FTC: identitytheft.gov

You can also report to:

ID Theft Resource Center: idtheftcenter.org or call 888.400.5530

Tax-Related Cybercrime

Report tax-related phishing messages or calls to the IRS via email: phishing@irs.gov

More about tax fraud: https://www.irs.gov/help/tax-scams/report-a-tax-scam-or-fraud

Credit Card Fraud

Report credit card fraud to your credit card company or use the FTC’s fraud, scam, and bad business reporting tool: reportfraud.ftc.gov 

Elder Fraud

If you or someone you know has been the victim of elder fraud, contact the U.S. Department of Justice’s National Elder Fraud Hotline 833.372.8311.

Social Security Fraud

Notify the Social Security Administration if you suspect any fraudulent activities related to your social security number: ssa.gov/fraud or call: 800.269.0271.

Business Email Compromise

Report spoofed business-related emails or scams to your organization’s IT department and the FBI at: ic3.gov.

Online Stalking

If you believe you are being stalked or are a victim of stalkerware, call, chat, or text the National Domestic Violence Hotline:

• Call: 800.799.7233
• Chat: thehotline.org
• Text: “Start” to 88788

Cyberbullying

Report cyberbullying to the platform where the bullying occurred or to your child’s school.

Report to local law enforcement if there have been threats of violence, stalking or hate crimes at: stopbullying.gov/cyberbullying/how-to-report

Phishing

Report suspicious emails to your email platform and then delete it. Or you can also report to:

• FTC: reportfraud.ftc.gov
• Anti-Phishing Working Group: reportphishing@apwg.org
• AARP Fraud Watch Network: 877.908.3360

Phishing attacks are increasingly sophisticated, but following these steps can greatly reduce your risk. Share these tips with family and friends to help keep them safe online. Together, we can build a more cyber-secure community.

For more information, visit CISA’s Secure Our World page.

Teknologize is a SOC 2 certified, Professional Technology Services company with clients throughout the Pacific Northwest. We have offices located in:

• Tri-Cities, Washington 509.396.6640
• Yakima, Washington 509.396.6640
• Bend, Oregon 541.848.6072
• Seattle, Washington 206.743.0981

Questions about your IT or Cybersecurity? Give us a call today!