What is phishing?

Phishing is an internet scam in which thieves steal your personal information by pretending to be someone trustworthy. The details of the scam can take many different forms, but the goal is always the same: to trick you into giving up information that the scammer can use to commit crimes. Hundreds of thousands of phishing attacks happen every year, and the consequences can be devastating — everything from identity theft to massive breaches of corporate data systems.

How phishing works

 

The most common phishing scams follow a similar attack plan:

 

  1. The scammer sends you an email, text, social media message, or another digital communication. They might pretend to be almost anyone — a government agency, your bank, your employer, or a business you’ve purchased from before. They might even imitate coworkers, friends, family, or other personal and professional contacts.

  2. The scammer provides a malicious link or file and asks you to click or download it. This link or file is designed to steal information such as your PIN, password, social security number, bank account number, or other access credentials. Sometimes, they might directly request this information from you instead.

  3. Once the scammer has your information, they can use it to commit various types of cybercrime. They might make fraudulent purchases using your credit card information or use your credentials as a back door to infiltrate a corporate or government network.

How to recognize phishing

 

Whenever you receive a request for personal information, it’s important to look for red flags that might indicate a phishing scam. Be on the lookout for these common warning signs:

 

  • Typos and misspellings in messages. Legitimate messages can have typos, of course, but scammers often deliberately use excessive typos to help them choose unaware targets who are easier to take advantage of.

  • Unsolicited requests for personal information, like passwords, bank account numbers, or Social Security numbers. Any time someone sends you an unsolicited message asking for this information, treat it with suspicion until you can independently confirm it’s real. Remember that the request doesn’t always come immediately — many scammers are good at playing the long game to gain your trust.

  • Messages that address you by a generic phrase, like “friend” or “valued customer,” rather than your name. If the sender doesn’t know your name, the message is often spam at best or a scam at worst. However, dedicated scammers can research your information for so-called “spear phishing” attacks, so don’t assume a message is safe just because it uses your name.

  • Requests for urgent action or threats of bad consequences. Scammers know that a threat or urgent request puts you under pressure and makes you less likely to double-check the details.

  • Inconsistent addresses and domain names. Misspellings in email addresses or domains are a dead giveaway, as they usually indicate that a scammer is “typo-squatting” on a domain with a similar name.

  • Suspicious attachments in file types such as .zip or .exe. These file types can easily be used to install malware on your computer, so avoid opening or downloading them unless you’re positive they’re safe.

Preventing and mitigating phishing attacks

 

You can take steps to prevent phishing attacks before they start and mitigate the damage if you do fall victim to a phishing scam.

 

  • Use a known-safe method, such as a phone call to a customer service line, to confirm that messages are legitimate before providing personal information.

  • Report suspected phishing attempts to:

  • Use email authentication tools to prevent scammers from “spoofing” your business’s email address.

  • If you’ve been the victim of phishing, immediately report it to important institutions like your bank and/or your employer. Change all of your account passwords, and consider freezing your credit.

  • Keep your system’s security features up-to-date with software patches, and back up your data regularly on a storage volume not connected to your computer. If you’re compromised by a phishing attempt, an independent backup will enable you to restore your system.

     

Brightspeed will never ask you for personal information like your password, bank account, or Social Security number in an email, text, or phone call. See our security resources for more information on how you can combat phishing and other scams.

 
