Last updated 01/10/2020
Phishing is when a hacker emails you posing as someone you trust. These emails attempt to get sensitive information directly from you, or ask you to click on a link or attachment. These links and attachments can load malware on your machine that can then spread to all of the devices on your network. Don’t click on links or open attachments you weren’t expecting!
- In 2018, phishing emails continued to be the preferred way to spread malware. Mobile malware was also on the rise worldwide with 24,000 malicious apps blocked daily.
- In 2019, 1 in 142 emails was associated with phishing.
- In 2019, Microsoft analyzed 330 million phishing emails per day.
What to look out for in a phish
Typically, there’s a sense of urgency in the message and the hacker wants you to take action quickly. There may also be a threat of some immediate negative consequence if you don’t do as they ask. The hacker may pretend to be the pastor, a staff member, or someone in your church. Malicious emails can easily appear to come from trusted sources. They may even include a reply to an email you just sent.
- Protect sensitive information - Never send account passwords or banking information via email.
- Suspicious emails - Never click any links in an email you think is questionable, not even the unsubscribe link.
- Login links in email = epic fail - If an email asks you to click a link and log in, don’t! That link could take you to a fake login page that looks exactly like the real thing.
- If you didn't expect it, reject it - Confirm the validity of all emails you weren’t expecting to receive before clicking any links or attachments, especially password reset requests! There is nothing wrong with reading an email; just don’t click unknown links.
- Hover to discover (long press) - Hover over links to see where they really go. If you’re using a tablet or phone, perform a long press to create a popup window to display the real URL.
- Check for trash before the slash - https://www.bbt.com/ is not the same as https://www.bbt-login.com/ (demonstration links, do not click)
- Use bookmarks - Instead of clicking on links in emails, create bookmarks in your browser for trusted sites.
- Be wary of free app offers - Emails or texts that ask you to click a link and install a great new app are most likely from scammers, not your friends. Only download apps from bona fide sources like the App Store (Apple) or the Play Store (Android).
- Do not trust the lock - If a link contains the “https://” prefix, it doesn’t necessarily mean that the page is safe. That little “secure” lock only means the information going from your machine to that web page is encrypted; the page itself could still be controlled by a hacker. (In 2017, 24% of fake web pages employed https.)
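
The "hover to discover", "check for trash before the slash" and "use bookmarks" tips above can also be applied mechanically to the HTML body of an email. The following Python is an added example, not part of the original page; the trusted-host list and the sample message are constructed, reusing the page's two demonstration URLs.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: hosts the reader has bookmarked as trusted (constructed list).
TRUSTED_HOSTS = {"www.bbt.com"}

class LinkCollector(HTMLParser):
    """Collect (visible text, href) pairs for every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def host_of(url):
    """Return the lowercase host: the part between the scheme and the first slash."""
    return (urlsplit(url).hostname or "").lower()

def review_links(html_body, trusted=TRUSTED_HOSTS):
    """Return one finding per link: (shown text, real host, list of warnings)."""
    parser = LinkCollector()
    parser.feed(html_body)
    findings = []
    for text, href in parser.links:
        real, warnings = host_of(href), []
        # "Use bookmarks": anything that is not an exact trusted host is flagged.
        if real not in trusted:
            warnings.append("host is not a bookmarked site")
        # "Hover to discover": the visible text names a different host than the href.
        shown = host_of(text) if "://" in text else ""
        if shown and shown != real:
            warnings.append("visible text shows %s but link goes to %s" % (shown, real))
        findings.append((text, real, warnings))
    return findings

# Constructed sample email body using the page's two demonstration URLs.
SAMPLE = ('<p>Your account is locked. <a href="https://www.bbt-login.com/reset">'
          'https://www.bbt.com/</a> or <a href="https://www.bbt.com/">our site</a></p>')

if __name__ == "__main__":
    for text, real, warnings in review_links(SAMPLE):
        print(real, "->", warnings or "ok")
```

The comparison is an exact match on the whole host, so `www.bbt-login.com` is flagged even though it starts with the trusted name.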