Learn More About Phishing Scams - Saratoga Medical Center

What is Phishing?

Phishing is a form of fraud in which the attacker tries to learn personal information such social security numbers, drivers license numbers, and more by masquerading as a reputable entity or person in email, IM or other communication channels.

Typically, a victim receives a message that appears to have been sent by a known contact or organization. An attachment or links in the message may install malware on the user’s device or direct them to a malicious website set up to trick them into divulging personal and financial information, such as passwords, personal ID’s, account IDs or credit card details.

Phishing is popular with cybercriminals, as it is far easier to trick someone into clicking a malicious link in a seemingly legitimate email than trying to break through a computer’s defenses. Phishing campaigns are sometimes built around the guise of a new job interview or opportunity.

To make phishing messages look like they are genuinely from a well-known company, they include logos and other identifying information taken directly from that company’s website. The malicious links within the body of the message are designed to make it appear that they go to the spoofed organization. The use of similar domains, subdomains and misspelled URLs (typosquatting) are common tricks, as is homograph spoofing — URLs created using different logical characters to read exactly like a trusted domain. Some phishing scams use JavaScript to place a picture of a legitimate URL over a browser’s address bar. The URL revealed by hovering over an embedded link can also be changed by using JavaScript.

Tips to Prevent Phishing Attacks

1). Learn to Identify Suspected Phishing Emails

There are some qualities that identify an attack through an email:

It could duplicate the image of a real company.

The email may copy the name of a company or an actual employee of the company.

It might include sites that are visually similar to a real business.

It may promote gifts or new job opportunities.

2). Enhance the Security of Your Computer

Common sense and good judgment are as vital as keeping your computer protected with a good antivirus to block this type of attack. In addition, you should always have the most recent update on your operating system and web browsers. See Below.

3). Have the Slightest Doubt, Do Not Risk It

The best way to prevent phishing is to consistently reject any email or news that asks you to provide confidential data. Delete these emails and contact us immediately by phone.

What to do if you think your identity has been stolen

Call the fraud departments of all 3 credit reporting agencies. Ask them to place a fraud alert on your file. This alert tells creditors to call you before they open any new accounts in your name.

Equifax: 1-800-525-6285

Experian: 1-888-397-3742

TransUnion: 1-800-680-7289

File a report with your local police. Even if the police can’t catch the identity thief, having a police report can help you clear up your credit records later on.

File a complaint with the Federal Trade Commission (FTC). Trained counselors staff the FTC’s identity theft hotline toll-free at 1-877-IDTHEFT (1-877-438-4338). Or you can file a complaint by visiting www.ftc.gov/idtheft

Fill out the Identity Theft Affidavit: (https://www.consumer.ftc.gov/articles/pdf-0094-identity-theft-affidavit.pdf), which will help you when you tell other companies an identity thief has opened a new account in your name.

You can also check out these resources for more tips and information:

Federal Trade Commission (FTC) Identity Theft site(www.ftc.gov/idtheft) (mentioned above)

U.S. Department of Justice—Fraud Section site:  https://www.justice.gov/criminal-fraud