Tips for fighting phish, spotting scammers and staying secure

From mysterious emails to puzzling pop-ups, approaching the realm of fraud detection can feel daunting. Not to fear: Week 2 of Cybersecurity Awareness Month (CSAM) has begun, bringing with it an array of resources, strategies and guides on how to spot dead giveaways for scams and schemes.

Though phishing and other scam attempts are cause for concern, staying connected doesn’t mean staying defenseless. Many attempts at stealing data are preventable with simple, quick and proactive methods of locking down your data, ensuring a smooth journey through the digital landscape! Common-sense precautions and a keen eye for bot-speak, for example, are two of the most effective defenses against digital ruses.

Keep in mind the Three S’s this month and beyond, and explore cyberspace with confidence:

  1. Social engineering: Some cyber attackers prefer a manipulative method in which they attempt to steal your information by convincing you to willingly give it up. Remember that the vast majority of reputable companies will never ask for your password or login information, nor will they send you emails littered with excessive, unrealistic and unprompted demands for money. Social engineering operates on such a wide scale that even huge companies like Microsoft, PayPal and Netflix were the top “spoofed” businesses last year (spoofing is the act of disguising an unknown source behind a “trusted” one). If you ever receive a demanding email, especially one that appears to come from a financial institution, do not respond or use the contact information provided there. Instead, navigate to the organization’s official website or social media to retrieve contact information, and reach out from there to verify the legitimacy of the email.

  2. Spear phishing: In this scheme, scammers will exploit personal details about you, such as your workplace, to make their scam more convincing. This includes sending you an email that appears, at first glance, to be from a colleague. Always verify the sender: Is the email address using your workplace’s domain (@asu.edu) or a slightly modified version made to spoof your workplace’s domain (@asu1.edu)? Double-checking the sender’s address and assessing the authenticity of the email’s contents can prevent you from stumbling into a security breach. 

  3. Security questions: Avoid inadvertently answering common security questions on a public online forum. Questions like “What was your first car?” and memes such as “Post your ‘rapper name’ - the name of the street you live on, plus your last name!” both require you to disclose personally identifiable information (PII) that could offer hints as to what your password is or even reveal the answers to the security questions used to initiate a password reset. Ensure any information you offer online does not contain highly personal, easily identifiable facts about yourself.

Visit GetProtected to learn more about information security and more ways to keep your data safe and sound, and begin taking steps today!