Phishing attacks use email or malicious websites to infect your machine with malware and viruses to collect personal and financial information. Cybercriminals attempt to lure users to click on a link or open an attachment that infects their computers, creating vulnerabilities for criminals to use to attack. Phishing emails may appear to come from a real financial institution, e-commerce site, government agency, or any other service, business, or individual. The email may also request personal information such as account numbers, passwords, or Social Security numbers. When users respond with the information or click on a link, attackers use it to access users’ accounts.
Spoofing attacks use email addresses, sender names, phone numbers, or website URLs that are disguised as a trusted source. Cybercriminals attempt to deceive users by changing one letter, symbol, or number within the name. This tactic is used to convince users that they are interacting with a familiar source. Cybercriminals want you to believe these spoofed communications are real to lead you to download malicious software, send money, or disclose personal, financial, or other sensitive information.
The criminals may try and lure you in by using lines like:
- “We suspect an unauthorized transaction on your account. To ensure that your account is not compromised, please click the link below, and confirm your identity.”
- “During our regular verification of accounts, we couldn’t verify your information. Please click here to update and verify your information.”
- “Our records indicate that your account was overcharged. You must call us within 7 days to receive your refund.”
For more information on ways you can safeguard your information, visit https://www.StopRansomware.gov page.
If you have questions regarding phishing and spoofing, please contact the help desk at 717-871-7777 or email firstname.lastname@example.org.