Spam and Phishing
Cybercriminals have become quite savvy in their attempts to lure people in and get them to click on a link or open an attachment.
Malicious Email
A malicious email can look just like it comes from a financial institution, an e-commerce site, a government agency or any other service or business.
It often urges you to act quickly, because your account has been compromised, your order cannot be fulfilled or there is another urgent matter to address.
If you are unsure whether an email request is legitimate, try to verify it with these steps:
- Contact the company directly – using information provided on an account statement, on the company’s official website or on the back of a credit card.
- Search for the company online – but not with information provided in the email.
Spam
Spam is the electronic equivalent of junk mail. The term refers to unsolicited, bulk – and often unwanted – email. Here are ways to reduce spam:
- Enable filters on your email programs: Most internet service providers (ISPs) and email providers offer spam filters; however, depending on the level you set, you may end up blocking emails you want. It’s a good idea to occasionally check your junk folder to ensure the filters are working properly.
- Report spam: Most email clients offer ways to mark an email as spam or report instances of spam. Reporting spam will also help to prevent the messages from being directly delivered to your inbox.
- Own your online presence: Consider hiding your email address from online profiles and social networking sites or only allowing certain people to view your personal information.
Spam on Social Networks
Spam and other scams aren’t limited to just email. They’re also prevalent on social networking sites. The same rules apply on social networks: When in doubt, throw it out. This rule applies to links in online ads, status updates, tweets and other posts.
Tips for Avoiding Being a Victim
- Don’t reveal personal or financial information in an email, and do not respond to email solicitations for this information. This includes following links sent in email.
- Before sending or entering sensitive information online, check the security of the website.
- Pay attention to the website’s URL. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com versus .net).
- If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Contact the company using information provided on an account statement, not information provided in an email.
- Keep a clean machine. Keep all software on internet-connected devices – including PCs, smartphones and tablets – up to date to reduce risk of infection from malware.
What to Do if You Are a Victim
- Report it to the appropriate people within the organization, including network administrators. They can be alert for any suspicious or unusual activity.
- If you believe your financial accounts may be compromised, contact your financial institution immediately and close the account(s).
- Watch for any unauthorized charges to your account.
- Consider reporting the attack to your local police department and filing a report with the Federal Trade Commission or the Internet Crime Complaint Center.
Protect Yourself With These Tips
- When in doubt, throw it out: Links in email, tweets, posts and online advertising are often how cybercriminals try to compromise your information. If it looks suspicious, even if you know the source, it’s best to delete or – if appropriate – mark it as junk.
- Think before you act: Be wary of communications that implore you to act immediately, offer something that sounds too good to be true or ask for personal information.
- Make your passphrase a sentence: A strong passphrase is a sentence that is at least 12 characters long. Focus on positive sentences or phrases that you like to think about and are easy to remember (for example, “I love country music.”). On many sites, you can even use spaces!
- Unique account, unique passphrase: Having separate passphrases for every account helps to thwart cybercriminals. At a minimum, separate your work and personal accounts and make sure that your critical accounts have the strongest passphrases.
- Lock down your login: Fortify your online accounts by enabling the strongest authentication tools available, such as biometrics, security keys or a unique one-time code through an app on your mobile device. Your usernames and passphrases are not enough to protect key accounts like email, banking and social media.
Here are some useful tips to help you reduce the amount of spam email you receive:
- Set up multiple email addresses. It’s a good idea to have at least two email addresses:
  - Private email address - this should only be used for personal correspondence. Because spammers build lists of possible email addresses – by using combinations of obvious names, words and numbers – you should try to make this address difficult for a spammer to guess. Your private address should not simply be your first and last name – and you should protect the address by doing the following:
    - If you must publish your private address electronically, try to mask it – in order to avoid having the address picked up by spammers. For example, ‘Joe.Smith@yahoo.com’ is an easy address for spammers to find. Try writing it as ‘Joe-dot-Smith-at-yahoo.com’ instead.
    - When you need to publish your private address on a website, it’s safer to do this as a graphics file rather than as a link.
    - If your private address is discovered by spammers – you should change it. Although this may be inconvenient, changing your email address will help you to avoid spam.
    - Never publish your private email address on publicly accessible online resources.
  - Public email address - use this address when you need to register on public forums and in chat rooms, or to subscribe to mailing lists and other Internet services. The following tips will also help you to reduce the volume of spam you receive via your public email address:
    - Treat your public address as a temporary address. The chances are high that spammers will rapidly get hold of your public address – especially if it is frequently being used on the Internet.
    - Don't be afraid to change your public email address often.
    - Consider using a number of public addresses. That way you’ll have a better chance of tracing which services may be selling your address to spammers.
- Never respond to any spam. Most spammers verify receipt and log responses. The more you respond, the more spam you’re likely to receive.
- Think before you click ‘unsubscribe’: Spammers send fake unsubscribe letters, in an attempt to collect active email addresses. If you click 'unsubscribe' in one of these letters, it may simply increase the amount of spam you receive. Do not click on 'unsubscribe' links in emails that come from unknown sources.
- Keep your browser updated: Make sure that you use the latest version of your web browser and that all of the latest Internet security patches have been applied.
- Use anti-spam filters: Only open email accounts with providers that include spam filtering. Choose an antivirus and Internet security solution that also includes advanced anti-spam features.