What is phishing? A typical phishing scam starts off with an email in which the attacker impersonates a well-known brand, product, organization or other entity. The goal is to trick the recipient into believing that the email is legitimate and of great interest or importance. Anyone who clicks on a link or file attachment in the email is then taken to a landing page where they're asked to sign in with personal account credentials and/or provide other sensitive data, which can be captured by the attacker.
Below are some common types of phishing scams to watch out for. Remember, the best way to avoid them is to NOT open attachments or click on links from suspicious external email senders.
Fraudulent Shipping Notifications
With more people shopping online due to the Coronavirus pandemic, cybercriminals are more commonly launching phishing emails or links that impersonate shipping notifications.
This type of scam typically attempts to trick the recipient into believing that they're donating money to a charity. In reality, the scammers are luring people to donate to charities that don't exist.
Gift Card/Coupon Scams
As online holiday shopping ramps up, more scammers will be likely to use gifts cards and coupons to steal money from unsuspecting consumers. In this scam, the phishing email typically creates a sense of urgency by offering a great deal on a popular product. But the attackers will ask for payment through gift cards.
Travel Phishing Scams
The holidays are a time when many people travel to see family or take vacations, but be suspicious of enticing vacation offers from sources you don't recognize. In one type of travel scam, you may receive a notice informing you that your booking has been canceled due to the pandemic. The email notice asking you to fill out a form to claim your refund could be a malicious one designed to capture your personal information. In a related scam, you may be offered free airline tickets from what seems to be a legitimate airline. The only requirement is that you forward or share a link to the deal on your social media account, which could lead others to a phishing site.
Please always beware of any communication that requires you to disclose your personal information without giving you enough details to verify the legitimacy of the sender. Always double check sources making unusual requests to collect your personal information.
What do you do if you click a phishing link?
- Disconnect your computer from the network and/or power it off immediately.
Calling 416-2700 (option 5) or send an email to IT Security at ITSecurity@scsk12.org from a separate email account to report it to IT right away.