Phishing is the term for when someone tries to scam and trick individuals into giving personal information by pretending to be a trustworthy entity over email or text message. Online phishing attacks are a method to obtain personal or sensitive information from an individual, an organization, or hundreds of people by tricking individuals into clicking a link or downloading a file in an email. Phishing scams are also purposely directed at older adults because some scammers view older individuals as easy targets.
This page will focus on how to identify and avoid phishing attacks in your email and what to do if you think your personal information has been compromised.
The U.S. Department of Homeland Security (DHS) published an Alert (AA20-099A) on April 8th, 2020, stating that the Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC) are seeing a growing use of COVID-19-themed scams, including phishing, created by cyber attackers.
Examples from CISA and NCSC of phishing email subject lines include:
Defending Against COVID-19 Cyber Scams -- Published by The Cybersecurity and Infrastructure Security Agency (CISA) providing tips and precautions against phishing and cyber scams.
The Cybersecurity and Infrastructure Security Agency. (2020, March 6). Defending against COVID-19 cyber scams. https://www.us-cert.gov/ncas/current-activity/2020/03/06/defending-against-covid-19-cyber-scams
COVID-19 Exploited by Malicious Cyber Actors -- An alert released by The Cybersecurity and Infrastructure Security Agency (CISA) reporting an increase in COVID-19-themed cyber scams. Also includes a summary of types of cyber attacks and resources for managing different types of cyber attacks.
Cybersecurity and Infrastructure Security Agency. (2020, April 8). Alert (AA20-099A) COVID-19 exploited by malicious cyber actors. https://www.us-cert.gov/ncas/alerts/aa20-099a
Screenshot captured and markups by Hilary Wang of Google's Gmail attachment icon (2020, April 14).
If you have a Gmail account:
Logo of Google Drive by Google
Open email attachments in Google Drive by selecting the Google Drive symbol instead of the download symbol. This way, software is not downloaded directly to your computer.
Screenshot and markups by Hilary Wang of Google's Gmail attachment icon (2020, April 14).
Have I Been Pwned:
A simple free tool developed by Troy Hunt, an Australian web security expert, to help users “quickly assess if they may have been put at risk due to an online account of theirs having been compromised or "pwned" in a data breach.” Pwned, originally a video gaming term, means to be defeated or to be gotten the better of.
Phishing : cutting the identity theft line by Rachael Lininger
Published: 2005 ISBN: 0764584987
A technical description of what happens during a phishing scam and step-by-step directions for discouraging phishing attacks and for responding if you may have already been phished.
Phishing for phools : the economics of manipulation and deception by George A Akerlof and Robert J. Shiller
Written by Nobel Prize–winning economists, this book highlights how the free market is inherently filled with individuals looking to profit, and includes dozens of stories demonstrating how phishing affects everyone through manipulation and deception.
Provides context into the motivations behind phishing attackers and how to spot a phishing email or a cloned website. Also includes examples of high-profile security breaches that were caused by phishing scams.
Phishing usually comes in the form of a message, for example an email from an address impersonating a familiar company or someone you trust, like a family member.
The message is meant to convince you to:
Click on a link.
Open an attachment.
Install software on your device.
Enter personal information into a website that is designed to copy a legitimate one.
Phishing messages may:
Ask you to confirm personal information for an account, such as a password.
Say there is suspicious activity with your accounts.
Offer coupons for online shopping in exchange for personal information.
Ask you to update payment details for an account like Netflix.
Opening an attachment or installing software from a phishing message can install malware on your mobile device or computer without your knowledge. Your device can then be controlled remotely, allowing others to access your information.
Example of Phishing email:
This example was created by the authors of this libguide for educational purposes and does not reflect a real phishing message from FedEx. (April 14, 2020).
File a report:
According to the Federal Trade Commission for consumers:
Instructions on how to run a scan for Mac OS
Instructions on how to run a scan for Windows 10
Phishing attacks: dealing with suspicious emails and messages -- A guide for individuals and families published by the National Cyber Security Centre (NCSC) from the United Kingdom Government outlining what phishing is and what to do if you responded to a phishing message.
National Cyber Security Centre (2020, April 2). Phishing attacks: dealing with suspicious emails and messages. https://www.ncsc.gov.uk/guidance/suspicious-email-actions
How to: Avoid Phishing Attacks -- From the Electronic Frontier Foundation, an independent nonprofit that works to educate the public and protect online privacy. This guide outlines types of phishing attacks and how to defend against a phishing attack. This article is part of the Surveillance Self-Defense guide, which is translated into over 10 different languages.
Surveillance Self-Defense. (2019, October 1). How to: Avoid phishing attacks. Electronic Frontier Foundation.
How to Recognize and Avoid Phishing Scams -- Published by the Federal Trade Commission on online security. This article focuses on how to protect yourself online, what to do if you think a scammer has your information, and how to report phishing.
Federal Trade Commission. (2019, May). How to recognize and avoid phishing scams. https://www.consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-scams
Top 10 Financial Scams Targeting Seniors -- An article from the National Council on Aging that provides an overview of types of financial scams used to target older adults. It includes a section on Internet fraud.
National Council on Aging. (n.d.). Top 10 financial scams targeting seniors. https://www.ncoa.org/economic-security/money-management/scams-security/top-10-scams-targeting-seniors/#intraPageNav5
Gmail Is Catching More Malicious Attachments With Deep Learning -- An article by Lily Hay Newman, a senior writer at WIRED specializing in information security, digital privacy and hacking. Talks about how Google is creating tools to better protect Gmail users from suspicious email attachments.
Newman, L. H. (2020, February 25). Gmail is catching more malicious attachments with deep learning. Wired. https://www.wired.com/story/gmail-catching-more-malicious-attachments-deep-learning/