How to Protect Yourself From Phishing Scams

Ping, it’s a scammer!

The sound of an incoming email, text, or direct message has a way of getting your attention, so you take a look and see what’s up. It happens umpteen times a week, to the extent that it feels like the flow of your day. And scammers want to tap into that with sneaky phishing attacks that catch you off guard, all with the aim of stealing your personal information or bilking you out of your money.
 


Phishing attacks take several forms, where scammers masquerade as a legitimate company, financial institution, government agency, or even as someone you know. And they’ll come after you with messages that follow suit:
 


  • “You have a package coming to you, but we’re having a problem with delivering it. Please click here to provide delivery information to receive your package.”

  • “We spotted what may be unusual activity on your credit card. Follow this link to confirm your account information.”

  • “You owe back taxes. Send payment immediately using this link or we will refer your case to law enforcement.”
     


You can see why phishing attacks can be so effective. Messages like these have an urgency to them, and they seem like they’re legit, or they at least seem like they might deal with something you might care about. But of course they’re just a ruse. And some of them can look and sound rather convincing. Or at least convincing enough that you’ll not only give them a look, but that you’ll also give them a click too.
 


And that’s where the troubles start. Clicking the links or attachments sent in a phishing attack can lead to several potentially nasty things, such as:
 


  • A phony login page where the scammer tries to steal account credentials from you.

  • A malware download that can install keylogging software for stealing passwords and other information as you type.

  • Spyware that hijacks information on your device and secretly sends it back to the scammer.

  • Ransomware that holds a device and its data hostage until a fee is paid. (By the way, never pay off a ransomware threat. There’s no guarantee that payment will release your device and data back to you.)
     


However, plenty of phishing attacks are preventable. A mix of knowing what to look for and putting a few security steps in place can help you keep scammers at bay.
 



What do phishing attacks look like?
 


How you end up with one has a lot to do with it.
 


There’s a good chance you’ve already seen your share of phishing attempts on your phone. A text comes through with a brief message that one of your accounts needs attention, from an entirely unknown number. Along with it is a link that you can tap to follow up, which will send you to a malicious site. In some cases, the sender may skip the link and attempt to start a conversation with the aim of getting you to share your personal information or possibly fork over some payment with a gift card, money order, rechargeable debit card, or other form of payment that is difficult to trace and recover.
 


In the case of social media, you can expect that the attack will come from an imposter account that’s doing its best to pose as one of those legitimate businesses or organizations we talked about, or perhaps as a stranger or even someone you know. And the name and profile pic will do their best to play the part. If you click on the account that sent it, you may see that it was created only recently and that it has few to no followers, both of which are red flags. The attack is typically conversational, much as described above, where the scammer attempts to pump you for personal info or money.
 


Attacks that come by direct messaging apps will work much in the same way. The scammer will set up a phony account, and where the app allows, a phony name and a phony profile pic to go along with it.
 


Email gets a little more complicated because emails can range anywhere from a few simple lines of text to a fully designed piece complete with images, formatting, and embedded links—much like a miniature web page.
 


In the past, email phishing attacks looked rather unsophisticated, rife with poor spelling and grammar, along with sloppy-looking layouts and images. That’s still sometimes the case today. Yet not always. Some phishing emails look like the real thing. Or nearly so.
 



Examples of phishing attacks
  


Case in point, here’s a look at a phishing email masquerading as a McAfee email:


There’s a lot going on here. The scammers try to mimic the McAfee brand, yet don’t quite pull it off. Still, they do several things to try and be convincing.
 


Note the use of photography and the box shot of our software, paired with a prominent “act now” headline. It’s not the style of photography we use. Not that people would generally know this. However, some might have a passing thought like, “Huh. That doesn’t really look right for some reason.”
 


Beyond that, there are a few capitalization errors, some misplaced punctuation, plus the “order now” and “60% off” icons look rather slapped on. Also note the little dash of fear it throws in at the top of the email with mention of “There are (42) viruses on your computer.”
 


Taken all together, you can spot many email scams by taking a closer look, seeing what doesn’t feel right, and then trusting your gut. But that asks you to slow down, take a moment, and eyeball the email critically. Which people don’t always do. And that’s what scammers count on.
 


Similar ploys see scammers pose as legitimate companies and retailers, where they ask you to log into a bogus account page to check either a statement or the status of an order. Some scammers offer links to “discount codes” that are instead links to landing pages designed to steal your account login information as well. Similarly, they may simply send a malicious email attachment with the hope that you’ll click it.
 


In other forms of email phishing attacks, scammers may pose as a co-worker, business associate, vendor, or partner to get the victim to click a malicious link or download malicious software. These may include a link to a bogus invoice, spreadsheet, notetaking file, or word processing doc—just about anything that looks like it could be a piece of business correspondence. Instead, the link leads to a scam website that asks the victim to “log in and download” the document, which steals account info as a result. Scammers may also include attachments to phishing emails that can install malware directly on the device, sometimes by infecting an otherwise everyday document with a malicious payload.
 


Email scammers may also pose as someone you know, whether by propping up an imposter email account or by outright hijacking an existing account. The attack follows the same playbook, using a link or an attachment to steal personal info, request funds, or install malware.
 



How to avoid phishing attacks
 


While you can’t outright stop phishing attacks from making their way to your computer or phone, you can do several things to keep yourself from falling for them. Further, you can do other things that may make it more difficult for scammers to reach you.
 



1. Pause and think about the message for a minute.
 


The content and the tone of the message can tell you quite a lot. Threatening messages or ones that play on fear are often phishing attacks, such as angry messages from a so-called tax agent looking to collect back taxes. Other messages will lean heavily on urgency, like the phony McAfee phishing email above that says your license has expired today and that you have “(42)” viruses. And during the holidays, watch out for loud, overexcited messages about deep discounts on hard-to-find items. Instead of linking you off to a proper ecommerce site, they may link you to a scam shopping site that does nothing but steal your money and the account information you used to pay them. In all, phishing attacks indeed smell fishy. Slow down and review that message with a critical eye. It may tip you off to a scam.
 



2. Deal directly with the company or organization in question.
 


Some phishing attacks can look rather convincing. So much so that you’ll want to follow up on them, like if your bank reports irregular activity on your account or a bill appears to be past due. In these cases, don’t click on the link in the message. Go straight to the website of the business or organization in question and access your account from there. Likewise, if you have questions, you can always reach out to their customer service number or web page.
 



3. Consider the source.
 


When scammers contact you via social media, that in and of itself can be a tell-tale sign of a scam. Consider, would an income tax collector contact you over social media? The answer there is no. For example, in the U.S. the Internal Revenue Service (IRS) makes it quite clear that they will never contact taxpayers via social media. (Let alone send angry, threatening messages.) In all, legitimate businesses and organizations don’t use social media as a channel for official communications. They have accepted ways they will, and will not, contact you. If you have any doubts about a communication you received, contact the business or organization in question directly and follow up with one of their customer service representatives.
 



4. Don’t download attachments. And most certainly don’t open them.
 


Some phishing attacks involve attachments packed with malware like the ransomware, viruses, and keyloggers we mentioned earlier. If you receive a message with such an attachment, delete it. Even if you receive an email with an attachment from someone you know, follow up with that person. Particularly if you weren’t expecting an attachment from them. Scammers will often hijack or spoof email accounts of everyday people to spread malware.
 



5. Hover over links to verify the URL.
 


On computers and laptops, you can hover your cursor over links without clicking on them to see the web address. Take a close look at the addresses the message is using. If it’s an email, look at the email address. Maybe the address doesn’t match the company or organization at all. Or maybe it looks like it almost does, yet it adds a few letters or words to the name. This marks yet another sign that you may have a phishing attack on your hands. Scammers also use the common tactic of a link shortener, which creates links that almost look like strings of indecipherable text. These shortened links mask the true address, which may indeed be a link to a scam site. Delete the message. If possible, report it. Many social media platforms and messaging apps have built-in controls for reporting suspicious accounts and messages.
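
The hover checks from tip 5, written out as an added Python example (not part of the original article): it lists where each link in an HTML message really goes and flags shortened links, lookalike addresses, and visible text that shows a different address than the link. The message body, the expected domain `example.com`, the shortener sample, and all function names are assumptions made for this example.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: a short sample of well-known link-shortener hosts, not a complete list.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}

# Constructed sample message body; example.com and .test names are reserved for examples.
SAMPLE_EMAIL = """
<a href="https://www.example.com/account">My account</a>
<a href="https://example-secure-login.test/verify">www.example.com/verify</a>
<a href="https://bit.ly/constructed">Track your package</a>
<a href="http://deliveries.test/form">click here</a>
"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs, i.e. what hovering over each link would reveal."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):  # lower-cased hostname; also accepts bare 'www.site.tld/path' text
    return (urlsplit(url if "://" in url else "//" + url).hostname or "").lower()

def review_links(html, expected_domain):
    """Return [(href, [reasons])]; an empty reason list means nothing stood out."""
    parser = LinkCollector()
    parser.feed(html)
    brand, report = expected_domain.split(".")[0], []
    for href, text in parser.links:
        host, reasons = host_of(href), []
        if host in SHORTENERS:
            reasons.append("shortened link masks the true address")
        elif host != expected_domain and not host.endswith("." + expected_domain):
            reasons.append("lookalike of expected name" if brand in host else "unrelated address")
        shown = host_of(text) if "." in text and " " not in text else ""
        if shown and shown != host:
            reasons.append("visible text shows a different address than the link")
        report.append((href, reasons))
    return report
```

Calling `review_links(SAMPLE_EMAIL, "example.com")` returns one entry per link; only the first link, which stays on the expected domain, comes back with no reasons.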
 



6. Go with who you know.
 


On social media and messaging platforms, stick to following, friending, and messaging people who you really know. As for those people who contact you out of the blue, be suspicious. Sad to say, they’re often scammers canvassing these platforms for victims. Better yet, where you can, set your profile to private, which makes it more difficult for scammers to select and stalk you for an attack.
 



7. Remove your personal information from sketchy data broker sites.
 


How’d that scammer get your phone number or email address anyway? Chances are, they pulled that information off a data broker site. Data brokers buy, collect, and sell detailed personal information, which they compile from several public and private sources, such as local, state, and federal records, plus third parties like supermarket shopper’s cards and mobile apps that share and sell user data. Moreover, they’ll sell it to anyone who pays for it, including people who’ll use that information for scams. You can help reduce those scam texts and calls by removing your information from those sites. Our Personal Data Cleanup scans some of the riskiest data broker sites and shows you which ones are selling your personal info.
 



8. Use online protection software.
 



Online protection software can protect you in several ways. First, it can offer safe browsing features that can identify malicious links and downloads, which can help prevent clicking them. Further, it can steer you away from dangerous websites and block malware and phishing sites if you accidentally click on a malicious link. And overall, strong virus and malware protection can further block any attacks on your devices. Be sure to protect your smartphones in addition to your computers and laptops as well, particularly given all the sensitive things we do on them, like banking, shopping, and booking rides and travel.
 



What is phishing? Now you know, and how you can avoid it.
 


Once phishing attacks were largely the domain of bogus emails, yet now they’ve spread to texts, social media, and messaging apps—anywhere a scammer can send a fraudulent message while posing as a reputable source.
 


Scammers count on you taking the bait, the immediate feelings of fear or concern that there’s a problem with your taxes or one of your accounts. They also prey on scarcity, like during the holidays where people search for great deals on gifts and have plenty of packages on the move. With a critical eye, you can often spot those scams. Sometimes, a pause and a little thought is all it takes. And in the cases where a particularly cagey attack makes its way through, online protection software can warn you that the link you’re about to click is indeed a trap.
 


Taken all together, you have plenty of ways you can beat scammers at their game.
 
