What's a phishing scam? Cyber security experts break it down
Yahoo Life is committed to finding you the best products at the best prices. Some of the products written about here are offered in affiliation with Yahoo. We may receive a share from purchases made via links on this page. Pricing and availability are subject to change.
Phishing scams are everywhere right now, and they seem to be getting worse. Thousands of phishing scams are launched every day, and they're usually successful, according to the Federal Trade Commission (FTC).
How successful? The FBI’s Internet Crime Complaint Center reported that people lost a whopping $57 million to phishing schemes in 2019 alone. It's not just money they're after: Scammers will also try to steal your passwords, account numbers, or Social Security number to open new accounts under your name or commit health insurance fraud. Basically, you don't want to fall victim to phishing if you can help it.
Phishing schemes can pop up in a slew of places, including on suspicious websites. Software like Malwarebytes Premium Multi-Device offers multi-layered, advanced security to help give you 24/7 real-time protection against a variety of significant existing and emerging threats including phishing sites, malware, viruses, spyware, online scams and ransomware before they reach you.
Try Malwarebytes Premium Multi-Device for 30 days free. After that, it's $4.99 per month.
But to understand how to protect yourself from phishing scams, it's important to grasp what they are in the first place. Cyber security experts break it all down.
What is a phishing scam, exactly?
A phishing scam is a tricky form of online scam, Joseph Steinberg, cybersecurity and emerging technologies advisor, tells Yahoo Life. "The scammer impersonates a reputable party by sending an email or other message that both appears to come from that reputable party, and which contains instructions to the recipient to perform some action that will expose the unknowing recipient to an adverse consequence," Steinberg explains. So, when a phishing scam is in an email form, it may ask you to click on a link and then enter sensitive information, such as your Social Security number or password, to update your "bank" account or something similar.
But that link will install ransomware on your computer and steal your sensitive information, according to Steinberg.
"Phishing is the tool of choice for many hackers and has consistently proven to be the easiest method by hackers to facilitate a breach," tech and cybersecurity expert Chuck Brooks, president of Brooks Consulting International, tells Yahoo Life. With phishing, hackers can "exfiltrate your valuable data" or "spread malware."
And if you think you wouldn't fall victim to this kind of scheme, be aware that many others have — and these scammers are good. The FTC has an example of a phishing email for what appears to be a Netflix account, asking someone to update their information. And it looks legitimate.
"Anyone can be fooled by a targeted phish, especially when it appears to be coming as a personal email from someone higher up the work chain, or from a bank, organization or a website you may frequent," Brooks says.
How to spot a phishing scam
The FTC has pretty detailed information on how to spot a phishing scam. However, they add this caveat: Scammers are constantly updating their schemes, making it hard to stay on top of them.
Here are some of the biggest things to look out for, per the FTC:
It will come from a company you know or trust. The scam may look like it's from a bank, a credit card company, a social networking site, an online payment website or app or an online store you're familiar with.
It will usually tell you a story to trick you into clicking a link or opening an attachment. That can include:
Saying there is suspicious activity or log-in attempts
Claiming there’s a problem with your account or your payment information
Saying you need to confirm personal information
Including a fake invoice
Asking you to click on a link to make a payment
Saying you're eligible to register for a government refund
Offering a coupon for free stuff
How to protect yourself from phishing scams
Steinberg says it all starts with good cyber hygiene, such as making sure to use security software on all of your computing devices. One option: Malwarebytes Premium Multi-Device, which will help flag a suspicious site before it can grab your information.
"Do not click on anything you do not recognize, especially attachments," Brooks advises. Other advice, per Brooks:
Check the sender's address to see if they are who they say they are.
Be aware of the latest trends that include phishing scams mimicking major brands and banks.
If you get an email saying you won a contest or have been left money in a will, delete it.
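For readers who filter mail programmatically, here is the sender check and the FTC's story cues from the lists above as a small triage script. It is an added example, not code from the FTC, Brooks or Yahoo Life; the brand-to-domain map, the cue patterns and the sample message are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed map of brand names to the domains they really send from (assumption).
KNOWN_BRANDS = {"netflix": {"netflix.com"}, "paypal": {"paypal.com"}}

# Constructed patterns modelled on the FTC "story" cues listed above.
STORY_CUES = {
    "suspicious activity": r"suspicious (activity|log-?in)",
    "account problem": r"problem with your (account|payment)",
    "confirm personal info": r"(confirm|verify|update) your .{0,30}(information|details|password)",
    "fake invoice": r"\binvoice\b",
    "payment link": r"click .{0,40}pay",
    "refund": r"\brefund\b",
    "coupon": r"\b(coupon|free)\b",
}

def sender_mismatch(from_header):
    """Return the brand named in the display name when the address
    domain does not belong to that brand, else None."""
    display, addr = parseaddr(from_header)
    domain = addr.rsplit("@", 1)[-1].lower()
    for brand, domains in KNOWN_BRANDS.items():
        if brand in display.lower():
            if not any(domain == d or domain.endswith("." + d) for d in domains):
                return brand
    return None

def triage(raw):
    """Score one single-part, plain-text message (assumption: no MIME parts)."""
    msg = message_from_string(raw)
    text = f"{msg.get('Subject', '')}\n{msg.get_payload()}".lower()
    cues = [name for name, pat in STORY_CUES.items() if re.search(pat, text)]
    return {"impersonated_brand": sender_mismatch(msg.get("From", "")), "cues": cues}

# Constructed sample message; the domain uses the reserved .example TLD.
SAMPLE = """From: "Netflix Support" <billing@netflix-account-help.example>
To: user@example.org
Subject: Problem with your payment information

We noticed a problem with your account. Please update your payment details
within 24 hours. Click the link below to make a payment.
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A hit is a reason to distrust a message, but a miss is not a reason to trust it, because the From address itself can be forged.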
"Unlike in the past where you may have received emails with misspellings from a prince in a far-away place, phishing scams can be targeted and contain very realistic impersonation of graphics," Brooks says. "Phishing attacks are also increasingly automated by criminal groups sharing information and tools on the dark web so you always have to really be on guard."
Brooks recommends "automatically" deleting anything that asks you for your personal information.
Phishing scams are scary, but it's possible to avoid them. Doing your best to be aware of what could happen — and having software in place as a safeguard — will go a long way toward protecting your personal information.