Cyber criminals come up with new ways to compromise internet security every day, but phishing isn’t a new technique. In fact, phishing has been around since 1995, when AOL was the source of everything “internet.” Phishers would send messages to users posing as AOL employees, requesting users to verify accounts or confirm billing information. At the time phishing was unheard of — the term “phishing” was first coined in 1996, a year after such attacks began — so most people fell for the fake emails.
Since then phishing has evolved and become more sophisticated, although it relies on the same concept — tricking individuals to hand over sensitive information that can be used for identity theft. Fewer people fall for the scam these days, according to Verizon’s 2015 Data Breach Investigations Report, with only 23 percent of recipients opening phishing emails and 11 percent clicking on attachments. Unfortunately, it only takes one click to hand over information. The same report states that 67 percent of the most recent data breaches have started with a phishing email.
If you have ever fallen victim to a phishing scam, you’re not alone. Scammers have improved their methods greatly, with incredibly believable emails, which they send out to thousands of people at a time. They populate emails with your name and often go digging on social media sites to tailor their messages, using geolocation tags from Instagram and browser history from public Wi-Fi networks. The easiest way to protect yourself against these scams, and the identity theft they may lead to, is to be aware. Here are a few common baits phishers use to hook their victims:
- Amazing deals: Ever get an email or see a Facebook post about a deal that’s just too good to be true? Chances are it probably is. Great discounts, free gift certificates and unbelievable giveaways are all used to lure in the unsuspecting. Click on the link and you will probably be asked to fill in a form where you will enter email or social media account information, sometimes even credit card or Social Security numbers. Trust your gut on offers that seem impossibly good and don’t click.
- Job advertisements: Phishers target people who are most likely to click on a link. Job searchers don’t often stop to consider that the offer in their email inbox or on a website might not be legitimate, especially since scammers use company logos and professional language. Clicking on the link leads to a form where personal details are entered and job hunters are told to wait for an interview call-back. While true job applications will sometimes request information like your address, be wary of websites that request SSNs upfront. Real employers don’t require that information until they hire you.
- Bank emails: Banks rarely conduct business through email. If you get a message from your bank telling you your credit card is about to expire or to send in sensitive data like your SSN or credit card number, don’t answer. Contact the bank directly, preferably by phone, and ask if the email is legitimate.
Phishing scams help criminals collect a lot of information to use for identity theft. The best way to protect yourself is to stay vigilant. Never click on suspicious email links and make sure you use unique passwords on all online accounts.