How to Recognize & Avoid Common Phishing Attacks
Common Phishing Scams and How to Avoid Them
Phishing is on the rise, and anyone who uses email, text messaging, and other forms of communication is a potential victim.
These attacks, in which a cybercriminal sends a fraudulent message that’s designed to fool a user into clicking deceptive links to prompt the launch of malware on the user’s system, can be extremely effective if done well.
The best defense is awareness and knowing what to look for. Let's take a look at six common phishing scams that you’re likely to receive and what you can do to avoid falling for them.
- Appears to come from a well-known company like Netflix® and asks you to sign in and correct an issue with your account
- Link points to a website pretending to be a company's legitimate site and asks for your login credentials
TIP: Do not click any links in the email - directly log in to your account by typing the address into your web browser. If you are unable to log in, contact the service using official contact information.
Cloud File Sharing
- Contains a link to what appears to be a shared file on Google Docs®, Dropbox® or another file-sharing site
- Link points to a page pretending to be a file-sharing site and requests you log in
TIP: Do not click any links in the email. Instead, log in to your account and find the shared file. Remember to verify sender identity and use established Cloud file-sharing services.
- Comes from a domain similar to the DocuSign® domain
- Link will prompt you to sign in to view the document, giving attackers control of your inbox
TIP: DocuSign® never attaches items to email - attachments are likely malicious. Instead, access documents directly from the DocuSign® website.
- Contains a document presented as an unpaid invoice and claims service will be terminated if the invoice is not paid
- Targets individuals (by pretending to be a retailer) or businesses (by impersonating a vendor or supplier)
TIP: Do not reply to the email. Contact vendor/service directly using official contact information before submitting payment.
- Appears to come from a popular delivery service (FedEx®, UPS®, etc.) or online retailer and includes a delivery notification with a malicious link or attachment
TIP: Do not click links or open attachments in unexpected notifications. Instead, visit the delivery service's official website and enter the tracking information, or call the delivery service's official phone number.
- Appears to come from a government tax revenue agency (e.g., IRS in the U.S.)
- Claims you are delinquent on your taxes and provides a means to fix the issue before additional fines or legal actions are pursued
TIP: Never share personal or financial information via email. Only use official communication channels to contact revenue agencies.
While we hope you find this content useful, it is only intended to serve as an educational article. Products referenced above are examples and should not be construed as endorsements. Additionally, Netflix, Google Docs, Dropbox, DocuSign, FedEx, and UPS are all registered trademarks of their respective listed organizations.