What is Phishing?
Phishing is the cute, nautical-sounding term for what is actually quite a serious problem. According to the Federal Trade Commission (FTC), phishing is defined as the situation in which “internet fraudsters impersonate a business to trick you into giving out your personal information”. The fraudulent party is typically after credit card data and other payment information. Phishing attacks can occur via email, website pop-up, phone call, or any other communication medium. The effects of a phishing attack can be devastating to the affected parties, so it’s important to ensure that the appropriate measures are taken to mitigate the risk.
Identifying a Phishing Attempt
Phishing attacks are fairly easy to identify if you know what you’re looking for. In particular, look for these red flags in received email messages:
- The sender’s email address is one you don’t recognize
- Spelling and grammar errors in the subject and body of the email
- Calls to action that insist you click on a provided link
- Sometimes, straightforward malicious attempts, such as threats to discontinue your account
The FTC gives example phishing message content to demonstrate what phishing might look like:
“We suspect an unauthorized transaction on your account. To ensure that your account is not compromised, please click the link below and confirm your identity.”
“During our regular verification of accounts, we couldn’t verify your information. Please click here to update and verify your information.”
“Our records indicate that your account was overcharged. You must call us within 7 days to receive your refund.”
Essentially, it is important to realize that legitimate businesses do not ask for sensitive information over an insecure channel, such as email, pop-ups, or unsolicited phone calls. Be suspicious of any message or call that looks or sounds like any of the above phishing examples, or includes spelling and grammar mistakes, links, and/or threats.
What To Do If You Suspect You Are Getting Phished?
If you suspect that you are a victim of a phishing scam, first and foremost, do not open or click on anything. You can rest your mouse over links in suspicious emails to see whether the link’s actual address matches the typed link address (if it doesn’t, that’s a red flag).
Forward any suspicious emails to firstname.lastname@example.org or email@example.com, and if the email impersonates a real business, to the business as well. You are also encouraged to file a report with the FTC.
How Can You Avoid Phishing Attacks?
While you can never predict when or how you might come under attack from phishers, there are several measures you can take against being targeted in the first place. In particular, the FTC recommends you take the following steps to avoid a phishing attack:
- Adhere to strict computer security practices and use updated security software
- Double-check the sender’s email address of all messages you receive
- Review financial statements often to check for unauthorized charges
- Never email sensitive information
- Do not download files or open attachments from emails without trusting the sender and their content first
- Use PaidYET as your payment processor and let us handle it for you.
PaidYET Merchants Have No Payment Information to Steal
A huge benefit of PaidYET is that merchants never touch their customers’ payment information due to PaidYET’s encrypted tokenization system. In the event that a phisher did gain access to a PaidYET merchant’s computer, there would be no credit card information to steal. By contrast, when a merchant accepts and stores customer information, they put their customers’ sensitive information at risk. Using PaidYET not only improves a merchant’s daily life by making it easier to accept credit cards, but it also keeps them and their customers safe from phishing attacks.