How to avoid phishing scams
What does ‘phishing’ mean?
Phishing is a cyber crime where someone posing as a legitimate institution tries to lure targets into providing sensitive data over email, phone or text message. Attackers often try to get information like banking and credit card details or passwords.
To avoid scams and protect your online identity and personal information, the Federal Bureau of Investigation offers these tips:
- Phishing attempts often change one character of a trusted source in phone numbers or emails. Carefully examine the email address, URL and spelling used in any correspondence. Scammers use slight differences to trick your eye and gain your trust.
- Remember that companies generally don’t contact you to ask for your username or password.
- Don’t click on anything in an unsolicited email or text message. Look up the company’s phone number on your own, and don’t use the one a potential scammer is providing. Call the company to ask if the request is legitimate.
- Be careful what you download. Never open an email attachment from someone you don’t know, and be wary of email attachments forwarded to you.
- Set up two-factor authentication on any account that allows it, and never disable it.
- Be careful with what information you share online or on social media. By openly sharing things like pet names, schools you attended, family members and your birthday, you can give a scammer all the information they need to guess your password or answer your security questions.
Source: Federal Bureau of Investigation
Subscribe to the Indiana Cyber Blog
Website visitors can subscribe to the Indiana Cyber Blog at in.gov/cybersecurity.
To test your own understanding of cybersecurity, go to the blog’s website, and click on the “assess yourself” tab.
Source: David Ayers, Indiana Office of Technology program communication manager
Editor's Note: A previous version of this article incorrectly reported how the Cyber Hub was started. It has been corrected to say the Indiana Executive Council on Cybersecurity started the cyber hub. David Ayers' professional title has also been corrected to the Indiana Office of Technology program communication manager.
As people search for information about COVID-19 vaccines, cyberattackers are targeting people to give health care information, payment or passwords for scams related to the pandemic.
Vinayak Tanksale, Ball State senior lecturer of computer science, said phishing scams and misinformation are spreading quickly on social media as more people fall victim to these cyberattacks.
“There are certain attacks of misinformation being spread about facts — those are pretty much targeted to a core group that hold a certain position,” Tanksale said. “The number of cyberattacks have been going up the past 20 to 25 years.”
Tanksale said anyone can be targeted in a cyberattack through links or information that looks real but might actually be dangerous. He said each attacker has a preferred demographic in their attacks, and older generations are likely the most at risk of cyber attacks because they might not know signs to look for in a phishing email.
Emails that come from untrustworthy sources, redirect users to unknown links or convey an unusual sense of urgency are three main ways to spot a phishing attack, according to the U.S. Department of Homeland Security. Tanksale said firewalls that block suspicious links from being opened are useful tools in cybersecurity for technology.
Tanksale’s advice is to “check before you share” or “check before you forward” to prevent inaccurate information being shared and any online identity thefts. One resource he recommends is Indiana’s Cyber Hub, a weekly blog that gives advice about how to stay safe online.
The Indiana Executive Council on Cybersecurity started the Indiana Cyber Hub in December 2020 to combat cybersecurity threats and provide educational resources for all Hoosiers to protect themselves online.
Chetrice Mosley-Romero, Indiana cybersecurity program director, said the blog works to be understandable for all audiences and attempts to feature blog posts from people from different backgrounds and job fields.
“Cybersecurity is everything,” Mosley-Romero said. “Tying it only to technology is why people still don’t understand cybersecurity.”
Mosley-Romero said the Cyber Hub works to organize its resources by categories — business, government, education, individual, assess yourself and Indiana cyber strategy — to make it easier to navigate.
While the Indiana Cyber Hub launched last year, Mosley-Romero said her department hasn’t allocated a budget toward sponsored social media posts, but it has been posting regularly on its Facebook and Twitter pages. She said what exists on the blog right now has been helpful for schools and health care employees, as well as individuals looking for relevant cybersecurity resources for their daily lives.
Particularly during the COVID-19 pandemic, Mosley-Romero said, schools have been popular targets of cyberattacks. This can be seen in “Zoom bombs” during online classes.
To promote web safety in a virtual classroom, the Indiana Cybersecurity for Education Toolkit suggests creating unique passwords for each Zoom meeting, avoiding posting Zoom links to social media and disabling screen sharing except for the meeting host.
In addition to safety advice, the Cyber Hub provides links to report a cyber crime, disproves common phishing scams and posts weekly content from different authors in their individual areas of expertise.
David Ayers, program communication manager for the Indiana Office of Technology, said blog users can choose specific topics of cybersecurity that apply to them. He said he thinks the Cyber Hub will get more visitors as people learn about and interact with the blog.
“The State of Indiana is working proactively involving the issue of cybersecurity,” Ayers said, “and, in turn, serving all Hoosiers.”