Banking locally EVER IS KEEPING YOUR AFTER INFORMATION SAFE

PHISHING TRENDS AND TIPS FOR PROTECTION

In the cyber security world, incidents account being directly phished. The combina- claim many of the headlines. However, tion of these realities in today’s ever-connected scams are actually a bigger to consumers world means that organizations using and businesses. Phishing email scams have addresses as usernames can reasonably become more widely used because of the way assume that a significant portion of their users’ we interact with the world, mostly through credentials have been compromised via mobile devices. Texts, posts and phishing attacks at some point or another. There messages are meant to be fast ways of are strategies to use in order to avoid falling communicating, and this leads to prime victim to phishing scams, protecting personal opportunities for cyber criminals to implement and financial information in the digital age. and be successful at phishing. We do not always take a close enough look at to Recent Trends check their legitimacy, especially when using a PhishLabs identified phishing sites residing on mobile device, and the brief nature of messages more than 170,000 unique domains, a 23% in today’s digital environment makes it easy to increase over the last year. Attacks targeting overlook questionable email requests, links or government tax authorities have grown more attachments. than 300% since 2014. In fact, there were more IRS phishing attacks in January 2016 than there Additionally, phishing has become more were in all of 2015. The share of attacks against common because it is easier for attackers to business targets in the continues launch phishing attacks quickly. Criminals can to grow, accounting for more than 81% of all shop for and customize phishing toolkits along phishing attacks. Of more than 29,000 phish kits with everything they need to build an effective analyzed, more than a third used techniques to scam. And now, the lines between our busi- evade detection. A phish kit is a collection of ness and personal lives are blurring on mobile, files containing the files and graphics needed to making our attractive targets for easily create a phishing site. These are becom- criminals. Cyber criminals also recognize the ing more readily available, making phishing a heavy reliance on email addresses instead of serious threat to consumers and unique usernames and the frequency in which businesses alike. are reused. In many cases, a high percentage of these stolen credentials provide access to multiple accounts in addition to the Source: Cybernetic Global Intelligence

What Is Phishing and How to Recognize It • Too good to be true These are often “attention seeking” Phishing is a cyber-crime in which a target is emails designed to get you to click on contacted by email, telephone or text message something. These items could range from by someone posing as a legitimate individual or anything to winning the lottery, a new business, intended to lure individuals into phone or a fancy trip. If it sounds too providing sensitive data. This data may include good to be true, do not click on the email personally identifiable information, banking, or any attachments or links within. credit card details and email or account passwords. The information gathered in a • Sense of urgency phishing scam is then used to fraudulently open Often phishing scams arrive as time- new accounts, withdraw funds, make purchas- sensitive communications or offers. es or compromise other accounts on or offline. Messages may say that you have a short Recognizing a phishing scam is becoming more period of time to respond. Don’t hesitate complex as cyber criminals get more to slow it down and do some more sophisticated in their efforts. However, here are investigating. a few tell-tale signs that you may be the target • of phishing: This is a common tactic for criminals because you can change a character in • Unusual Sender a and redirect an individual to If you do not recognize the message, just about any site. Make sure you look at sender or even if the message is unex- hyperlinks very closely or just delete the pected, delete it. Hovering your mouse email if you do not recognize the sender. over the sender’s or Hovering over the hyperlink allows you clicking on the address on a mobile de- to see where it is directing you. If it isn’t vice allows you to see who originated the familiar or looks suspicious, do not click. message. If it is different from the normal email message received from the company or individual, do not click on attachments or links in the message. • Attachments Common Questions If you see a file that seems out of place, • Is email the only place phishing includes a hyperlink, or has anything occurs? other than .txt in the name, do not open it. No, not necessarily. While email accounts These files could potentially contain are the easiest to target, phishing attacks or a virus to hack your may also use , social computer or data. media sites, phone calls and texting to target individuals and gather their What are tips for avoiding phishing? personal information. Use the same In addition to being diligent about the emails you methods of identifying phishing scams via open and the links or attachments you inter- email with other sources as well. act with, there are other steps you can take to • Who is most vulnerable to phishing? avoid phishing in the first place. Consider using Anyone can be a target and ultimately a a spam filter to block message from unknown victim to a phishing attack. However, most senders. However, it may be beneficial to review individuals who are harmed by phishing your spam folder every now and again to ensure are those who are not familiar with you aren’t missing important, legitimate mes- technology, such as older adults. Using sages. Also, be diligent about updating settings the tactics above and preventing phishing on your browser, specifically indicating you do is especially important to those who may not want pop-ups to open without your approv- be more vulnerable. al. Finally, be sure to change your passwords on a regular basis, and try not to use the same Top Resources iteration of passwords on multiple or accounts. Below are several resources to help you better understand phishing scams. Also, be sure to use What are tips for responding if My Money Roadmap’s Learn Center for more phishing happens? information about cyber security and financial topics relevant in today’s ever-connected world. 99 Change your passwords immediately. 99 Contact the company that was used in Protecting Yourself Against Phishing* the phishing scam so that they may alert others. What is Phishing* 99 Scan your computer for malware and v Cyber Security Tips* iruses periodically. 99 Watch for identity warning signs, like new accounts, new credit inquiries, or other suspicious activity on your credit report. 99 File a report with the Federal Trade Commission after you received a phishing scam email.

*You will be linking to another not or operated by the bank. We are With phishing attacks increasing, it’s crucial that not responsible for the availability or content of this website and do not represent either the linked website or you, should you enter into a transaction. You are en- we raise our awareness and be better positioned couraged to review the privacy and security policies which may differ from ours. to respond when incidents do occur.