Centennial College logo

Data-Entry Phishing

A person typing on two laptops

Do NOT ENTER!!

Data-entry phishing emails persuade people to reveal sensitive information

Blame autocorrect. Blame your voice assistant. Maybe you blame the lateness of the hour, or “a friend” using your phone.

Whatever the cause, chances are good that you’ve accidentally texted private information to the wrong person. The embarrassment may still burn, but the mistake probably didn’t have serious consequences.

It’s easy to make these simple errors—even when nobody is trying to deceive us. But what about when scammers are working hard to trick you into divulging your secrets? Some phishing attacks try to infect your device with malicious software (malware) to steal information.

But data-entry phishing simply asks you to provide the information. All too often, people give scammers exactly what they want.

The good news is: Everyone can learn how to recognize and avoid these phishing attacks.

DATA-ENTRY PHISHING EXPLAINED

In data-entry phishing, a scammer will often pose as a trustworthy organization and send you an email that urges you to click a malicious link.

Clicking the link will send you to a fraudulent website that requests specific information: account logins, banking details, personally identifiable information (PII), or other proprietary information.

Entering the information will send it directly to the scammer, who can use it against you or your organization.

Imagine that you receive a phishing email that appears to come from your bank. It urges you to click a link to log in and resolve an error or problem.

Clicking that link would send you to a malicious lookalike page that asks you to provide your login credentials. Entering the information would give the scammer access to your bank account.

DETECTING DANGERS

Data-entry phishing scams can be difficult to detect.

An email with no malicious attachments may be able to slip past email security systems.

Also, many phishing sites will redirect you to the legitimate site immediately after harvesting your information.

These factors make it harder to notice anything is wrong, which can put your identity and your employer’s data at risk.

If a scammer obtains your login credentials, they gain access to the accounts. They could use the accounts to access additional valuable data.

WHAT CAN I DO?

First, be suspicious of any email that asks you to click a link. A credible business should never:

  • Ask for sensitive information over email
  • Request you perform security checks
  • Prompt you to click a link to reactivate your account

Clicking a link in any email is risky.

Instead, use a search engine to find a legitimate website or use a known web address you’ve previously bookmarked.

If a website is asking you to submit personal information or log in, stop and ask yourself these questions:

  • Do I normally have to log in to this website to take this action?
  • Is this website asking me to log in multiple times?
  • Does this website really need this personal information from me?
  • Is the website requesting details it does not normally ask for?

IF YOU SUSPECT YOU MAY HAVE REVEALED INFORMATION IN A PHISHING SCAM:

  • Remain calm.
  • Immediately report the incident to the IT Service Desk.
  • If you’ve revealed any banking information, report the potential compromise to your financial institution.
  • Change any passwords you might have revealed to keep scammers from accessing your account.
  • Lastly, monitor the affected account for any signs of identity theft.