Hackers and scammers are often looking for ways to steal email addresses, passwords and data. With that information, they can easily 1) get access to the information in your sensitive accounts, 2) use these accounts to pretend to be you and attack others in your address list and 3) send spam to you or your contacts, thus spreading the damage to others. The way that they steal your information can be either be simple or very sophisticated. Either way, we all need to be extra careful of what we click, or where we use our email address and passwords.

Phishing is one method that is used to trick you. Most phishing attacks start with a spoof email that will appear like it’s from a legitimate service you already use or a person that you trust. Some phishing attacks you should watch out for include:

• emails that ask you to reply with your username/email and password
• emails with links to fake login or password reset pages
• emails with links to view or download a file from someone you don’t know
• emails that mention a current event, entice you with a prize or deal that is too good to be true, or pretend that there’s an urgent reason for you to respond or click on a link
• links on social network posts or comments that lead to fake login or password reset pages
• targeted attacks that appear like they’re from someone you know or includes personal information to get you to respond or click on a link

Malware is another sophisticated way to steal your email addresses, passwords or completely take over your computer. There are many types of malware out there: keystroke loggers, spyware, ransomware, scareware, adware, trojan horses, worms. Some really sneaky malware can be installed through a drive-by-download, just be visiting a website, viewing an e-mail message or by clicking on a pop-up window.

These, and hundreds of attacks like them, are designed to fool you into giving up information or doing something to reduce the security of your accounts or devices.

Tips to help you stay protected against phishing and malware:

1. Be careful what you click, download or install.
2. If you don’t trust a link in an email, go direct to the normal login page or verify with the sender.
3. Use two-step verification whenever it is offered and supported.
4. Help protect other people, report spam and phishing in your email client and report malicious links to Safebrowsing or Internet Explorer for browser blocking.
5. Enable browser security and privacy settings to block phishing, malware and other malicious sites in Chrome, Internet Explorer, Safari, Firefox or your favorite browser.
6. Use the most current versions and install security updates for operating systems, browsers, software and applications as soon as they become available.
7. If you use Windows, be sure to run current AntiVirus software (Windows Defender is a great defense and is free).
8. Stop, Think, Connect: Understand the consequences of your actions and behaviors

• Stop: take the time to understand the risks and learn how to spot potential problems
• Think: take a moment to be certain the path ahead is clear, watch for warning signs
• Connect: with confidence, knowing you’ve taken the right steps to safeguard yourself and your devices

It’s important to be aware of what these attacks look like so you don’t fall for them and do everything you can to protect yourself. The best approach if you suspect phishing or malware? Don’t bite!

Happy computing!