All about phishing scams (and the best ways to avoid them)

Are data security, online privacy and identity theft top concerns for you? If they're not, they should be. More than ever, we're seeing increasingly sophisticated attempts by hackers to steal information from organizations and use it to commit identity theft and fraud.

Hackers are using data breaches to steal valuable information — such as email accounts, names, birth dates and phone numbers — and then using that information to conduct phishing scams to gain access to online accounts. The best way to avoid being taken in is for organizations to put good security procedures and policies in place, and for everyone to learn how to spot a phishing scam.

Here’s what you need to know in order to avoid getting hooked by hackers phishing for your information:

1) Know your weaknesses. You need to stay up to date on the latest technology security news to know if you're vulnerable. For example, if you're using a version of Microsoft Internet Explorer (IE), you need to know about a reported vulnerability that opens the door to phishing attacks. Watch out for news about malvertising attacks and ransomware scams. You also need to pay close attention if you've been caught up in a larger cyber attack or your personal information has been compromised.

2) Know how to spot a phishing scam. You might be surprised. A phishing scam can come in the form of an email, link, or even a telephone call. Cybercriminals will use whatever means they can to install malicious software or access your accounts to steal your personal information. Watch for suspect emails with bad links (and don’t click on them!), phony security alerts, fake websites and out-of-the-blue phone calls in which someone says that they can help you solve a computer, account or software issue. Make sure your agency’s employees know what to watch out for, too.

3) Know what's going into your spam and trash folders. If hackers do start trying to access your accounts, one of the first things they may do is reset the passwords on your critical accounts and set a filter so that any email notifications about the changes bypass your inbox. Always watch your email account for unusual activity, and if you see anything strange, such as trash or spam folders emptying themselves, change your password immediately.

4) Use two-factor authentication. Activate two-factor authentication whenever possible, for any business or personal account.
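
Item 3 describes attackers setting a mail filter so that notifications about password changes bypass the inbox. The Python check below is an added example, not part of the original article, that audits a mailbox's filter rules for that pattern. The rule format, field names, action names and sample rules are constructed assumptions, not any mail provider's real export format.

```python
import re

# Constructed sample rules in a hypothetical, provider-neutral shape.
# Map your provider's exported filters onto these fields before auditing.
SAMPLE_RULES = [
    {"from": "news@example.com", "subject": "", "actions": ["apply_label"]},
    {"from": "deals@shop.example", "subject": "", "actions": ["skip_inbox"]},
    {"from": "", "subject": "password reset", "actions": ["skip_inbox", "mark_read"]},
    {"from": "no-reply@accounts.example.com", "subject": "", "actions": ["delete"]},
    {"from": "", "subject": "", "actions": ["move_to_spam"]},
]

# Actions that keep a message out of the user's sight.
HIDING_ACTIONS = {"skip_inbox", "mark_read", "delete", "move_to_spam"}

# Terms typical of account-security notifications (assumed list; tune it).
SECURITY_TERMS = re.compile(
    r"password|reset|security|sign[- ]?in|log[- ]?in|verif|no-?reply|account|alert",
    re.IGNORECASE,
)

def audit_rule(rule):
    """Return the reasons a rule looks like it was planted to hide alerts."""
    reasons = []
    hides = set(rule.get("actions", [])) & HIDING_ACTIONS
    criteria = " ".join([rule.get("from", ""), rule.get("subject", "")])
    if hides and SECURITY_TERMS.search(criteria):
        reasons.append("hides security notifications: " + ", ".join(sorted(hides)))
    if hides and not criteria.strip():
        # A rule with no match criteria applies to every incoming message.
        reasons.append("hides all mail (no match criteria)")
    return reasons

def audit(rules):
    """Map rule index -> reasons, for every rule with at least one finding."""
    findings = {}
    for index, rule in enumerate(rules):
        reasons = audit_rule(rule)
        if reasons:
            findings[index] = reasons
    return findings

if __name__ == "__main__":
    for index, reasons in audit(SAMPLE_RULES).items():
        print(index, SAMPLE_RULES[index], reasons)
```

Any flagged rule that the account owner does not remember creating is a reason to remove the rule and change the password, as item 3 advises.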