Beware of These 6 Phishing Risks

Blog Post09/21/2017
Identity Protection

By now, you probably already know the risks data breaches carry when they expose your personal information. But there’s another kind of risk that’s equally dangerous, but often overlooked: criminals can use breached information to learn more about potential victims so they can attack them later. One such attack is called “phishing.”

Be it a “text” from mom, a “message” from a friend or a seemingly harmless email, phishing attempts rely on human nature to get ahold of your financial information. This kind of cyberattack continues to pose a huge problem, long after the Department of Homeland Security had it in mind when naming October as National Cyber Security Awareness Month. Fortunately, understanding the facts about phishing can go a long way toward keeping your information safe.

1. Social Networking Sites Are at Risk

Phishing is not limited to email and website pop-ups. Links in online ads, status updates, tweets and Facebook posts can lead you to criminal portals designed to steal your financial information.

Forwarded information from friends and family across social networks can also perpetuate dangerous cyber scams. The best way to protect yourself is to avoid clicking on questionable links or entering login or financial information on a website that requires you to navigate to a separate site.

2. Beware of Misspelled Domain Names

Phishing scams tied to brand names often make use of similar web addresses to take advantage of misdirected web traffic. The difference of a single character in an URL can lead you to a website that appears almost identical to a legitimate website for a brand, but it’s actually run by cybercriminals. Pay attention when you transact business online, and keep an eye on your credit report to watch for signs of suspicious activity that could be the work of cybercriminals and thieves.

3. Cybercriminals Can Hide Website Addresses

Hovering your mouse over a link to verify the link’s address before you click on it isn’t a safe way to ensure the link isn’t part of a phishing scam. Cybercriminals can use special programming to hide or change the real address of a website. Be wary of emails with links or attachments that contain no further information and consider using http://longurl.org/ to expand short links.

4. Criminals Use Legitimate URLs

Years ago, seeing a website address that began with “HTTPS” almost ensured an authentic website, but that’s no longer the case. Cybercriminals also purchase website security certificates to trick you into thinking that this use of security protocol means the website hosting the phishing scam is legitimate.

5. You Can’t Always Spot a Scam at First Sight

Don’t expect to identify a phishing scam through text riddled with grammar and spelling mistakes. That was a hallmark of old-school cybercriminals. The scammers of today have access to sophisticated phishing toolkits that spell check and clone actual websites — making it harder to identify a scam at first glance. Even if the site or email appears to be from a company you do business with, call their customer support to see if they sent you a message and never send personal information over email.

6. Phishing Sites Can Hide from Search Engines

In an ideal world, search engines could always identify and block phishing sites and associated content. Unfortunately, the phishing toolkits available to cybercriminals can block search engines from recognizing phishing sites, even when a site is a clone of a legitimate brand site.

Consumers can’t rely on third parties to protect them from these types of scams, but they shouldn’t be paranoid about navigating the web either. Careful browsing, frequent credit checks with a credit bureau and following these tips are some of the best ways to stay safe when navigating the Internet.

Disclaimer: The information posted to this blog was accurate at the time it was initially published. We do not guarantee the accuracy or completeness of the information provided. The information contained in the TransUnion blog is provided for educational purposes only and does not constitute legal or financial advice. You should consult your own attorney or financial adviser regarding your particular situation. For complete details of any product mentioned, visit transunion.com. This site is governed by the TransUnion Interactive privacy policy located here.