Blog

Protect Yourself From Being Phished

Posted by Michael Kirby on Feb 26, 2019 12:10:00 PM

What is a phishing scam

A phishing scam is when malicious emails target a company’s customers by pretending to be from a legitimate email address. They will typically use the company name, but with an extra word or character slipped in. Phishing scams can also show a legitimate email address,  like message-service@post.xero.com, but really they’re spoofing it. The message is actually coming from an entirely different email address.

These emails are designed to trick you to enter your email and password that they can use to login to the original site or use your password for another site. Whenever you enter your username and password online you should check that you’re actually on the right site.

As online fraud continues to grow, we’ve put together some advice to help you stay safe online.

How to avoid being phished

1. Verify the email 

If you receive an email address prompting you to login or send personal details, always check the email address it’s coming from. Make sure it matches the other emails you’ve received from that company. This includes the wording in the email and any imagery used.

2. Don’t click on a suspicious link

Always check the login link they provide in the email. Usually a quick look at the URL will tell you if something is off. Large companies and banks will have secured websites – this means their URL will say “https” instead of “http”. This is an important difference as it means you’re on a secure site. You can always skip the link and navigate to the login site on your own. That way you know you’re logging in to the correct site.

3. Reach out and ask

If all else fails, send the email to the customer service department of the company in question and ask if it is legitimate. Your vigilance could alert them to a problem affecting multiple customers. Xero has an email address set-up for just such events: phishing@xero.com. They will always verify if an email was from us.

If you think you’ve been phished for any site, login and change your passwords immediately. You should also contact the company to let them know your account may have been compromised. It’s better to let them know before any damage has been done.

Sourced from Xero Accounting Blog

Categories

see all