Gone Phishing: 6 Tips for Verifying Identity When You’re Asked For Data


More Americans experienced a data breach in 2017 than ever before. The results of a study conducted by Javelin Strategy & Research show that 16.7 million Americans had their identities compromised, resulting in a loss of $16.8 billion.

The study also found that consumers are losing trust in institutions, shifting “the perceived responsibility for preventing fraud from themselves to other entities, such as their financial institution or the companies storing their data.”

One of the biggest trends the study found is that account takeover tripled over the past year. Victims pay an average of $290 out of pocket and spend 16 hours on average to resolve the situation.

Account takeover is often done through phishing. Phishing is a technique that hackers use to convince people to give up their data by opening links, email, or attachments infected with malware.

What can you do to verify the identity of those asking for you to provide information?


1. Start With A Google Search

When you’re asked to click on a link or open an attachment that asks for your data, pause for a moment. Think about what you know about who’s asking. Is it an organization you’ve heard of? Is it a person you know?

If something gives you pause, search for the person or company on Google. This search may provide valuable information to help you verify whether the request is legitimate or a scam.

DOWNLOAD NOW: 4 Most Common Phishing Scams (And What You Can Do About Them)


2. Reverse Image Search

Depending on where you see the request, an image may be attached to the person.

Save the image by taking a screenshot, and then upload that image to Google for a reverse image search. Scammers may steal photos from elsewhere online to pass off as their own. If you see the image you person sent associated with someone else, this is an indicator the profile may be a scam.


3. Make Sure The Website Is Secure

Click on links with caution. However, if everything else has passed muster and you’ve already clicked, don’t submit any further information until you’ve verified the website is secure.

You can check whether a website is secure by noticing whether its URL begins with “http” or “https.” You’re looking for “https.” This means an additional layer of protection safeguards your data. Some browsers may also specifically alert you that a website is not secure. Proceed with caution on those sites.


4. Beware Of Facebook Links

Phishers often prey on Facebook users because of the vast number of profiles on the network. When a victim clicks a link, the phisher essentially takes over the profile and posts malicious links on behalf of the person. More people click, and more profiles become infected.

If a Facebook link seems suspicious, Google it before you click it.


5. Search Public Records

Verify someone’s identity before revealing any information of your own. Ask for government-issued documents or do your own search of public records, such as marriage or birth certificates, and even criminal records.


6. Stalk Social Media

If an organization is asking for information, see whether they are verified on social with a blue checkmark. If not, they may still be legitimate, but verify them in other ways (such as a Google search or the Better Business Bureau).

The best method to use when verifying any person or business online is to stick with common sense. If it feels off, it’s probably off.

Use any combination of methods here to ensure that whoever is asking for your data will use it only as necessary and will protect it once it is sent over.

4 most common phishing attacks and what you can do about them