Outsmart Phishing Scams
You’ve probably heard of phishing. But do you really know what it is - and more importantly, how to protect yourself from falling victim to it? Phishing scams have become very sophisticated, but there are some simple things you can do to protect yourself and keep your personal information safe.
What is Phishing?
Let’s start with a basic description: Phishing is a type of scam where an attacker sends a fraudulent message to trick you into revealing sensitive information - often to access your accounts or commit identity theft.
Phishing attempts usually occur through email, over the phone, or via text message. They can be very well-designed to look or sound like legitimate messages from those you know and trust, such as your financial institution, and may contain a link that directs you to a fake website that looks legitimate.
Tip #1: Do not expect phishing emails to be filtered into your Junk mail. Because they are often individually crafted based on information gathered on your social media sites, they can avoid detection from advanced email filters.
How to Detect Phishing Scams
There are ways to avoid phishing scams if you know what to look and listen for. Be on the lookout for these identifying factors:
- Inconsistencies in email addresses. Phishing emails will typically come from an unfamiliar, unusual email address. The easiest way to detect this is to hover your cursor over the email address to reveal the true “from” address. This will usually reveal the email as a fraud and can be done without actually clicking into the email itself. For example, if an email allegedly originates from your financial institution, but the domain name reads something else, it’s likely a phishing email. Delete it immediately.
- Unfamiliar greeting or salutation. Sometimes the informality or other irregularity of a salutation can and should provoke suspicion. Be on the lookout for this type of irregularity in emails and text messages, and perhaps even phone calls. For example, if your financial institution greets you with a nickname you don’t use with your accounts, it’s an indication of phishing.
- Bad grammar, spelling mistakes or unusual language. Legitimate emails and text messages will not have these mistakes. However, they are often found in phishing scams.
- Demand for urgent action. This is key! Emails, text messages and phone calls threatening some type of negative consequence, loss of money, or missed opportunity are key factors in phishing scams. The urgency prompts you to act without thinking and is what ultimately gets intelligent consumers to fall for these well-designed phishing scams. The scams have flaws, but the panic they create can cause consumers to take swift action before errors can be spotted.
- Requests for passwords. Do not respond to a text alert, email, or phone call asking for a password, PIN, or any other security information. Never give this information to anyone, even if you think it’s your bank or credit union. They will never ask you for this information. Ever.
Tip #2: Be wary of long text numbers. If you receive a text message from an unidentified number longer than 10 digits, the odds are high it’s a scam.
More Dos and Don’ts to Protect Yourself
- Don’t click on links in an unsolicited email or text message.
- Don’t use the phone number a potential scammer provided in an email or text message. Look up the company’s phone number on your own and call to verify the authenticity of the message or request.
- Don’t give out personal information such as passwords, credit card numbers, bank account numbers, dates of birth, or Social Security numbers.
- Don’t respond to suspected phishing emails, text messages or phone calls, even if you think it would be fun to tease or trick them. It’s best to avoid responding in any way.
- Do be suspicious of anyone pressing you to act immediately.
Tip #3: Phone numbers and caller identities can be faked to look like the caller ID is from a business you know and trust, like your financial institution. Never trust that the caller ID is accurate. It is best to look up the company’s phone number on your own and call them.
If you detect suspicious activity, contact the alleged company directly. In the case of your financial institution, call at the number listed on the back of your bank-issued debit card, in your banking app, or the bank’s official website.
« Return to "Blog"