Late last week, Walmart alerted the public to an email-based scam that used the company’s name (misspelled as “Wallmart”) to illegally gather information about users. The email sported the title “Thanks for your Walmart.com order,” and after confused users clicked on links within the emails, their Walmart accounts were charged. While local police departments and Walmart representatives were quick to report and warn consumers about this specific threat, it’s important to keep in mind that consumers around the world lost an estimated $1.5 billion in 2012 alone to this type of Internet scam, known as “phishing.”
“Phishing” scams trick web users into downloading an infected file, clicking a toxic hyperlink, or giving up private information. Increasingly, phony offers on social networking sites and in text messages (also known as SMiShing) are used to target mobile devices as well. The end result of a successful phishing attempt differs from one scam to the next, but the most common types of attack result in a hacker gaining access to sensitive information (like the password to your online banking site or your email account), access to the information you store on your laptop or mobile device, or even control of your device.
Some phishing scams rely on widely recognized brand names to cash in on your trust, as in the case of the “Wallmart” phishing attack last week. A more sophisticated strategy known as “spear phishing” first identifies people who are thought to be using a specific credit card, bank, or other online payment system, and then sends them fraudulent messages. Most of us are more likely to open a message we think is sent from our bank than from a bank we’ve never used.
As a rule of thumb, if you are at all unsure about the origin of your email (as with an unprompted “Thank you for your purchase!” message), do not click on links contained in that email. Instead, go directly to the website domain to check your account and search for the sale or offer described. And remember: If an offer sounds too good to be true, it probably is.
If you suspect you’ve been a victim
Realizing that you might have opened yourself to a phishing attempt can be pretty scary, so if you think you’ve downloaded a fishy file or clicked a dubious link, there are several steps you can take:
1.) Change your passwords. If you believe your email account, online banking or payments information, or social media account has been compromised, change your login information as soon as possible. This could stop a phisher from accessing your account, or at least prevent him from doing any serious damage.
2.) Update your security software. Make sure that your antivirus or cross-device security software like McAfee LiveSafe is up to date on ALL of your devices (smartphones, laptops, PCs, Macs, or tablets). And if you’ve downloaded a file or visited a website that might have infected your device, run a security scan and wipe any questionable items.
3.) Check your financial records. Even if you’re unaware of an initial phishing attack, your bank and credit card statements will reveal if your information was compromised. As a best practice, thoroughly check your statements each month, and if you suspect fraudulent activity, immediately contact your bank directly via phone to place a fraud alert on your account.