October is National Cybersecurity Month and reminds us that avoiding malicious phishing attempts masquerading as innocuous emails, texts and calls is essential to preventing over 90% of all cyberattacks seeking to steal valuable data and privacy information. 

Phishing is a common tool used by cybercriminals to get a targeted victim to reveal sensitive information by pretending to be someone they’re not. It relies on psychological manipulation to trick victims into handing over their data. 

Despite an estimated 3.4 billion phishing attempts each day, just 56% of companies provide employees with security awareness training, and a mere 35% conduct phishing simulations. 

Here are 6 types of phishing to avoid: 

An Unexpected Attachment or Link 

Scammers often send phishing emails or texts asking targets to click on a malicious link or attachment. Don’t take the bait!  Never open an email attachment that you’re not expecting. It can infect your device and trigger email spam that sends itself to everyone on your contact lists. 

An Unusual Request 

Fraudsters may impersonate an executive or C+ leadership to take advantage of an employee’s desire to do what they ask of them. According to a recent report from KnowBe4, the most-clicked phishing emails pretended to come from HR on subjects related to vacation policy (19%), dress code policies (11%), payroll (11%) and training deadlines (9%).  

If a request seems out of the ordinary, stop and think, could this be a scam? Then, call the person or organization who supposedly sent the request and ask if it is legitimate. 

An Urgent Request or Demand 

Urgency is a tactic frequently employed by cybercriminals to convince their victims to provide information without taking time to second-guess themselves. For instance, pretending to be a sales representative, banking institution or a package delivery service that threatens the loss of sales or withholding services if targets don’t quickly respond by clicking on malicious link designed to gain entry into their systems. 

An Offer Too Good to Be True 

Think twice if you receive an offer of money or a prize. These “too good to be true” hacks are designed to trick you into giving away account credentials or to download malware onto your computer. Follow these tips: 

  • Make sure the sender’s email address matches who they’re claiming to be. If the part of the email address after the ‘@’ doesn’t match the company they’re claiming to be, it’s likely a scam. 
  • Before clicking any links, hover over them to see if they go to where you’d expect. 
  • If it sounds too good to be true, it probably is. Phishing emails are designed to take advantage of your excitement to make easy money or get something for free.  

A Social Media Request from Someone You Don’t Recognize 

Fraudsters use social media to build connections with targets and access the rest of their networks. Never accept friend requests from people you don’t know. Beware of messages such as “You appeared in 200 searches” or “Your account will be terminated” or “Your computer is infected.” They are often phishing scams to get you to click on malicious links that harvest your logins and passwords.  

A Fake Support Inquiry 

Scammers only need a stolen logo to mimic tech support. Beware of phishing emails, online chats and direct support calls offering to reset a password or resolve a service or technical issue. Examine the URL of any website they send you. If it doesn’t contain the correct primary domain name of the company you think you’re interfacing with, don’t engage with them. 

Click here for interactive training on how to recognize and prevent phishing attacks.