A man, wearing a watch, checking his email on the mobile phone he's holding

Security | Email Phishing

Phishing is a serious threat to individuals and organizations.

It's all too easy to fall into the trap of clicking on a fake email or attachment. Every day, people just like you receive emails that look incredibly real, but are not. While many of these messages are fairly harmless, others are truly nefarious in nature and can lead to financial loss, identity theft, credit report errors, and more.

Businesses may experience losses due to employees falling victim to phishing emails and inadvertently introducing malware into their networks. A situation like this could result in lost productivity, network downtime, increased security costs associated with incident response and post-breach recovery efforts, and legal penalties for failing to comply with industry regulations. The following information can help you protect yourself and your business.

Email is the most common form of phishing.

In this cyberattack, malicious actors trick unsuspecting users into providing confidential information, such as passwords, bank account numbers, and credit card details. Protecting yourself from email phishing requires vigilance and a good understanding of the methods employed by scammers. 

Phishers use seemingly legitimate emails that direct you to click on a link. When suspicious emails arrive in your inbox, verify the sender’s identity before taking action. If the message appears suspicious, look at the reply address; if it doesn’t match their official address or feels off in any way, do not click on any attachments or links.

The attachment could contain malware that can install code on your computer that monitors your activities and steals confidential information. Another type of phishing email has a link pointing to a malicious website hosted by the attacker, which looks very similar to the legitimate website it mimics. Clicking this link will take you to a fake website where your credentials could be stolen.

Pretending to be a representative from a financial institution, legitimate retailer, a government agency, or even your employer, the sender could ask you to confirm or update your personal information. When you enter it on these websites, it goes straight into the hands of identity thieves. Another common tactic phishers use is attempting to impersonate friends or family members. Be sure to verify requests for money or sensitive information before taking action, especially if they come from individuals you don't regularly communicate with online. Finally, never provide confidential information over email; instead, contact the company directly by phone or in-person to confirm whether or not the request is valid. 

Several telltale signs indicate that an email might be part of a scam: generic greetings such as “Dear Customer” instead of using your name; requests for personal information like passwords or credit card numbers; misspellings and poor grammar; threatening language; suspicious attachments or links contained within the body of the message; false “from” addresses, and URLs with unknown or strange domains.

Phishing emails might look like this...

“We regret to inform you that your merchant account has been suspended due to false or missing contact information. You are currently prohibited from accessing your account or using our marketplace. Please be advised that any outstanding seller fees are due and payable. We will charge any amounts not previously disputed to the payment method on file. To keep your account open, click this fake link to confirm receipt of this email.”

“During a recent security update, we could not verify your current address. Either your information has changed, or it is incomplete. The account will be frozen if your information is not confirmed or updated within three business days. To keep the account open, click this fake link and verify your address as soon as possible.”

Phishing can have far-reaching repercussions.

The effects can extend beyond the immediate victims in terms of financial loss and harm to one's reputation. Therefore, it is vitally important for organizations and individuals to recognize the risks posed by these attacks and take proactive measures to prevent them.

If you or your business has received email or is being spammed from a person or business pretending to represent First Northern Bank and Trust, call 1-800-344-2274 and report it right away so we can take appropriate action.