Tech Tips: Phishing scams grow more sophisticated

Phishing scams have come a long way from the poorly designed spam messages we’re used to seeing. Today’s phishing scams are sophisticated, targeted, and designed to trap consumers. Here’s how you can avoid falling victim to these scams.

The term “phishing” refers to any scam that attempts to fool you into revealing personal or account information. Phishing messages are specifically engineered to mimic a real message you might expect to receive, like a delivery notification or a bank confirmation. They may claim to be urgent requests to update payment details or reactivate your account. They can come through email, text message, or social media. And they can be incredibly convincing.

If you click, you’re taken to a login page that looks legitimate. But if you enter your username and password, the hackers will take that information and hijack your account and any others that use the same password. This happens within moments.

Suddenly, your social media accounts are frozen. You can’t log into your bank. You’re getting strange messages in email. Sounds like a nightmare, and it is. Fortunately, there are ways to spot phishing scams before they lure you in.

Never click on links in email, text or instant message. If you receive a notification, like a delivery or a bank inquiry, go directly to the site in your web browser and check your notifications there.

The same goes for messages that come from friends – but seem odd. When hackers hijack someone’s social media account, they blast phishing links to everyone on that person’s friends list. They’re banking on getting some clicks before the person has a chance to warn their friends that they’ve been hacked.

Strong passwords are a priority. If you’re using the same password on multiple accounts, you can see how fast the phishers can strike. You need to use different passwords on every site. It may seem cumbersome, but with a password manager like KeePass or 1Password, you can do it in one click.

Two-factor authentication also will help, but it’s not a guarantee. Two-factor authentication refers to the secondary login code that is sent to your phone or authentication app. But phishers will go after those, too. That’s why most banks and other organizations have started including a warning along with the code, reminding consumers not to reveal the code to anyone else.

Use the best security software you can find. The built-in defenses for Windows and Mac simply aren’t enough against today’s sophisticated attacks. Keep your computer and phone updated with the latest security patches.

Remember, phishing scams use a sense of urgency to get you to react. Whenever you receive a message, take a moment to look it over. Don’t reply or respond to a phishing message. Any contact information in a phishing scam likely goes to a fake phone number or email address. Instead, go directly to the site in question to find the customer service phone number if you need it.

You can report phishing scams to the FTC at ReportFraud.ftc.gov.

• Triona Guidry is a freelance writer and consumer technology specialist offering tech support and advice for home computer users. For free weekly tips and news by email, subscribe to her Simple Tech Tips blog at www.lightningtechsupport.com/subscribe.