Phishing attacks get more sophisticated

Phishing attacks get more sophisticated

Click a link. Download a file. And that's where the trouble begins.

Phishing attacks by email or social media attempt to lure you into revealing a password or downloading malicious software. And these attacks are getting ever-more sophisticated.

"Scammers have diversified far beyond poorly spelled, purely text-based phishing email these days, building entire fake websites and Facebook pages as lures for campaigns. But even the humble phish email has evolved," according to David Harley of WeLiveSecurity.com.

Some classic ways to detect phishing emails are getting more difficult as scammers get more sophisticated.

– Misspelled words. Sometimes done intentionally to get past filters.

– Links to scam sites. Links can seem real. If they contain bitly or tinyurl they should be treated as suspicious.

– DropBox and Google Drive documents holding malicious code.

– Attachments can appear to be materials you are genuinely expecting from people who should be sending the materials.

Some good rules:

– Hover over the links to see if the domain is genuine.

– Attachments should set off alarm bells. Search for the company and compare domains. Mayflowernursing.com is not the same as Mayflowernursinghome.com.

Names can be spoofed. A sophisticated phishing email might use a name that exists in your database — or the name of someone you know.

If the name seems correct, compare other information in an email to data on the company Website. An incorrect phone number is a tipoff.

If you think you are good at catching phishing attempts, test your skills at:

phishingquiz.withgoogle.com.