Phishing emails are fake messages that look like they come from a trusted source like your bank, a well-known company, or even a friend. These emails often create a sense of urgency by using phrases like “Your account has been locked!” or “You’ve won a prize!” to get you to act quickly without thinking.
Spoofing attacks use email addresses, sender names, phone numbers, or website URLs that are disguised as trusted sources. Scammers attempt to deceive you by changing one letter, symbol, or number within the name. This tactic is used to convince people that they are interacting with a familiar source. The goal is to trick you into clicking a link, downloading an attachment, or giving away personal information like passwords or credit card numbers.
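
The one-character disguises described above can be checked mechanically by comparing a sender's real domain against the names you actually deal with. The following Python is an added example, not part of the original page; the `TRUSTED` list, the sample addresses, and all function names are constructed for illustration.

```python
from email.utils import parseaddr

# Constructed allow-list of domains the reader actually deals with (assumption).
TRUSTED = {"examplebank.com", "example.org"}

# Common digit-for-letter swaps used to disguise a name.
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: inserts, deletes and substitutions each cost 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def sender_domain(from_header: str) -> str:
    """Return the domain of the real address, ignoring the display name."""
    _, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower()


def lookalike_of(domain: str, trusted=TRUSTED):
    """Return the trusted domain that `domain` imitates, or None."""
    domain = domain.lower()
    if domain in trusted:
        return None  # exact match: the genuine domain
    for good in trusted:
        # One changed, added or dropped character, or digit-for-letter swaps.
        if edit_distance(domain, good) <= 1 or domain.translate(SWAPS) == good:
            return good
    return None
```

The display name in a message can say anything, so the check runs on the address itself: `lookalike_of(sender_domain(header))` returns the name being imitated, or `None` when the domain is genuine or unrelated.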

- Play hard to get with strangers. Links in email and online posts are often the way cybercriminals compromise your computer. If you’re unsure who an email is from, even if the details appear accurate, do not respond and do not click on any links or attachments found in that email. Be cautious of generic greetings such as “Hello Bank Customer,” as these are often signs of phishing attempts. If you are concerned about the legitimacy of an email, call the company directly.
- Think before you act. Be wary of communications that ask you to act immediately. Many phishing emails attempt to create a sense of urgency, causing the recipient to fear their account or information is in jeopardy. If you receive a suspicious email that appears to be from someone you know, reach out to that person directly on a separate secure platform. If the email comes from an organization but still looks “phishy,” reach out to them via customer service to verify the communication.
- Protect your personal information. If information such as your full name, job title, and email addresses is published online, scammers can use it to attempt a direct spear-phishing attack on you. Scammers can also use social engineering with these details to try to manipulate you into skipping normal security protocols.
- Be wary of hyperlinks. Avoid clicking on hyperlinks in emails and hover over links to verify authenticity. Also ensure that URLs begin with “https.” The “s” indicates encryption is enabled to help protect your information.
- Enhance your login protection. Enable multi-factor authentication (MFA) to ensure that the only person who has access to your account is you. Use it for email, banking, social media, and any other service that requires logging in. If MFA is an option, enable it by using a trusted mobile device such as your smartphone, an authenticator app, or a secure token — a small physical device that can hook onto your key ring.
- Use strong passwords. According to National Institute of Standards and Technology (NIST) guidance, you should consider using the longest password or passphrase permissible. Get creative and customize your password for different sites, which can prevent cyber criminals from gaining access to these accounts and protect you in the event of a breach. Use password managers to generate and remember unique and complex passwords for each of your accounts.
- Install updates. Make sure all your computers, phones, tablets, and smart devices are equipped with regularly updated protections such as antivirus software and firewalls. Enable automatic updates to ensure your device receives important security updates as they are released.

Finding out your email has been hacked can be stressful, but don't panic. Here are the steps you should take right away:

- Change Your Password Immediately. If you still have access to your account, change your password right away. Choose something strong and unique (avoid using the same password elsewhere). If you can’t log in, use the “Forgot Password” link to reset it.
- Enable Multi-Factor Authentication (MFA). Multi-factor authentication (MFA) adds an additional layer of security to each of your accounts. When you turn on MFA, you use more than a password to log in, which might mean a fingerprint, facial scan, a text message, or an authenticator app. Enable MFA anywhere and everywhere you can.
- Check for Unauthorized Activity. Look for any suspicious sent emails, mailbox rules, new contacts, or unfamiliar devices in your account settings.
- Update Other Accounts. If you used the same password elsewhere, change the passwords on those accounts too. Scammers often try to use stolen credentials in other places.
- Alert Your Contacts. Let your friends, family, and/or coworkers know your account was hacked. Tell them not to click on any strange messages or links they may have received from you.