Phishing is a type of attack on personal data that comes in the form of a fake email or website, which is made to look like it comes from a reputable site – but does not. A user might, for instance, get an email that has all of the themes and imagery of a typical message from Facebook, except this email will tell the user they need to reset their password and will offer that user a login prompt to do so. The user clicks on the prompt, is directed to a fake webpage that looks like Facebook, and then the user enters their login and password. Just like that, the phishing attack has succeeded.
There are several ways to avoid phishing attacks. The common theme in each is to be highly suspicious of any online request for your personal information.
1. Never complete a request for personal information that comes in an email.
2. Only enter personal information on a secure website. You will know a website is secure if the URL begins with 'https://'and if a lock icon appears in the lower right corner of your Internet browser. Click on that lock icon to view the site's security certificate.
3. Look for telltale signs of forgery in emails that request personal information – spelling errors are immediate red flags. If the prompt to a webpage to enter your data has an URL that is different than the site you expected to be going to, that is a sure sign of a phishing attack.
4. Don't click on links asking for personal information. Instead, go directly to the site in question by typing the URL into your browser manually.
5. Make sure your computer's antivirus suite has phishing protection.
6. Make sure your web browser, antivirus, and all software programs on your computer are always updated to the latest versions that have the latest security patches.
7. Report any suspicious messages to your bank or social media platform immediately.