last updated 03/26/2021
Phishing is when a scammer emails you posing as someone you trust. These emails attempt to get sensitive information directly from you, or ask you to click on a link or attachment. These links and attachments can load malware on your machine that can then spread to all of the devices on your network. Don’t click on links or open attachments you weren’t expecting!
- According to complaints filed with the FBI, phishing was the most common type of cybercrime in 2020—and phishing incidents nearly doubled in frequency over 2019.
- In 2020, Business E-mail Compromise (BEC) schemes resulted in losses by US companies of $1.8 billion.
- In 2019, Microsoft analyzed 330 million phishing emails per day.
How to identify a phishing email
Typically, there’s a sense of urgency in the message and the scammer wants you to take action quickly. There may also be a threat of some immediate negative consequence if you don’t do as they ask. The scammer may pretend to be the pastor, a staff member, or someone in your church. Malicious emails can easily appear to come from trusted sources. They may even include a reply to an email you just sent.
- Protect sensitive information - Never send account passwords or banking information via email.
- Suspicious emails - Never click any links in an email you think is questionable, not even the unsubscribe link.
- Login links in email = epic fail - If an email asks you to click a link and log in, don’t! That link could take you to a fake login page that looks exactly like the real thing.
- If you didn't expect it, reject it - Confirm the validity of all emails you weren’t expecting to receive before clicking any links or attachments. Especially password reset requests! There is nothing wrong with reading an email; just don’t click unknown links.
- Hover to discover (long press) - Hover over links to see where they really go. If you’re using a tablet or phone, perform a long press to create a popup window to display the real URL.
Caution! You can accidentally click a link from a mobile device when trying to perform the long-press! It is better to wait until you can view a link from a computer where you can hover to discover.
- Check for trash before the slash - https://www.bbt.com/ is not the same as https://www.bbt-login.com/ (demonstration links, do not click)
- Use bookmarks - Instead of clicking links in emails, create bookmarks in your browser for trusted sites.
- Be wary of free app offers - Emails or texts that ask you to click a link and install a great new app are most likely from scammers, not your friends. Only download apps from bona fide sources like the App Store (Apple) or the Play Store (Android).
- Do not trust the lock - If a link contains the “https://” prefix, it doesn’t necessarily mean that the page is safe. That little “secure” lock only means the information going from your machine to that web page is encrypted; the page itself could still be controlled by a scammer. (In 2017, 24% of fake web pages employed https.) Use https://www.islegitsite.com/ to check if the site is legitimate.