Phishing is when someone sends fraudulent emails in an attempt to access your personal information — or to manipulate you into giving them your personal information directly. And these emails typically look very credible. Here are a few examples of phishing emails:
- Asking you to reply with confidential information: In this situation, the email is designed to look like it was sent from a trusted source — say your email provider, Amazon.com, or even your bank. The email may ask you to reply directly with your personal information — such as your account information or your Social Security number — for "verification purposes." Once you do, the scammer then has your confidential information. These emails often look legitimate, but always remember that a trusted source will never ask you to reply to an email with any type of personal or confidential account information.
- Asking you to click on a link: Many phishing attempts also use links to fake websites, and here's how they do that: You'll receive an email that appears to be from a trusted source, and the email message asks you to click a link within the email to log in to your account. The email may express urgency about this, claiming they need you to verify your account information because someone tried to access your account, or because the company is doing routine maintenance. Once you click that link, though, you're sent to a fake website that looks nearly identical to a website you trust. You enter your information, thinking you're logging in to your legitimate account, and then your info is sent straight to the scammer — with you none the wiser.
- Asking you to open a file: Phishing email scams have evolved to include mimicking popular cloud-based storage sites like Dropbox and Google Docs. For example, you could receive an email that appeared to be from a trusted source, such as the company you work for or a reputable financial institution, asking you to open a Google Docs file. Doing so, however, would give scammers access to your email account and contacts list.
Why phishing works
Phishing's effectiveness relies on what cybersecurity experts call "human fallibility." In other words, it's not a weakness of a particular hardware or software configuration that makes people vulnerable; instead, it's human nature.
With phishing, scammers try to appeal to your emotional side by spoofing the name of a person or company you know so that you feel a sense of trust. Or they'll try to bring out your inner curiosity by dangling a link to a Google Doc or Dropbox file, leaving you wondering what it contains.
Another common tool for these scammers is urgency. The email you receive might say that your account has already been compromised and you need to act quickly, or that a co-worker needs something immediately before you both get fired. Whatever the context, the goal is to get you to act without thinking.
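The three signals described above (a trusted name in the sender field, a link to a different site, and urgent wording) can be checked mechanically. The following Python sketch is an added example, not part of the original article; the TRUSTED table, the urgency word list, and every name and domain in the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message (not a real email); every name and domain is made up.
SAMPLE = """\
From: "Example Bank Support" <alerts@examp1e-bank-login.test>
To: user@example.org
Subject: Urgent: verify your account

Someone tried to access your account. Verify your account immediately
by logging in here: http://examp1e-bank-login.test/login
"""

# Assumption: brands the recipient really deals with, and their real domains.
TRUSTED = {"Example Bank": "examplebank.test"}
URGENCY = re.compile(r"\b(urgent|immediately|act quickly|verify your account|compromised)\b", re.I)
URL = re.compile(r"https?://[^\s<>\"']+", re.I)

def host_matches(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def text_of(msg):
    """Join the decoded text parts of a plain or multipart message."""
    parts = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            data = part.get_payload(decode=True) or b""
            parts.append(data.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(parts)

def phishing_signals(raw):
    """Return a list of human-readable warning signs found in a raw email."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2].lower()
    text = msg.get("Subject", "") + "\n" + text_of(msg)
    signals = []
    for brand, domain in TRUSTED.items():
        if brand.lower() not in name.lower():
            continue  # the message does not claim to come from this brand
        if not host_matches(sender_domain, domain):
            signals.append(f"display name claims {brand} but sender is {sender_domain}")
        for url in URL.findall(text):
            host = urlparse(url).hostname
            if not host_matches(host, domain):
                signals.append(f"link goes to {host}, not {domain}")
    hits = sorted({m.group(0).lower() for m in URGENCY.finditer(text)})
    if hits:
        signals.append("urgency wording: " + ", ".join(hits))
    return signals
```

None of these signals proves a message is fraudulent on its own; the more of them appear together, the more reason to confirm the request through a separate channel before acting.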
Why people who work from home are more at risk
Everyone who uses email is potentially at risk of falling victim to a phishing attempt. But people who work from home are somewhat more at risk because of the nature of their workday. In an office setting, it's easy enough to drop by your coworker's cube to ask about that unexpected file they sent — or that urgent request that required emailing some of your company's financial information. At home, you may grow accustomed to just responding to those emails from colleagues and outside vendors — and responding promptly.
Additionally, the average person's home computer and network are typically not set up as securely as they would be in the office. And this makes people vulnerable to malware and ransomware attacks if they open a malicious file or click on a malicious link.