Email, texts, and other forms of digital communication are an integral part of your daily life. Cybercriminals know this and are lurking on nearly every platform, counting on you to fall for phishing scams hook, line, and sinker.
Phishing is when scammers masquerade as reputable companies or individuals and use phone calls, email, direct message, or text message to lure you into sharing your sensitive personal information, like usernames, passwords, and bank account or credit card details. They might also use email attachments to secretly invade your computer via software or malware and steal confidential information directly.
As technology becomes more advanced, so do phishing attacks — both in their level of sophistication and in number. According to the Anti-Phishing Working Group, an international coalition focused on fighting cyber crime, the number of phishing schemes discovered during the first quarter of 2018 increased 46 percent over the fourth quarter of 2017.
Many businesses, from e-commerce retailers to financial institutions to email providers, use the latest technology to fight back against fraudsters. You can be part of the battle as well — by using low-tech surveillance to sniff out the scam.
To protect yourself against a phishing attack, always be on the lookout for these red flags in any messages you receive:
- A sense of urgency
- An unknown sender
- A request for action
- An unsolicited offer
Now it’s time to test your knowledge.
Can you catch a phisher in the act? Take a look at the following potential red flags. Which ones sound (or smell) phishy? The answers are revealed at the end.
1. You receive an email with the subject line, “Banking Alert: Need to Transfer Funds Immediately or Be Subject to Fee.” And the message itself is written in the same alarmist tone.
2. The sender’s name is the top executive of your bank and their email address is YourCEO@mycommunitybank.com.
3. Someone calls with the offer to increase your credit limit. To receive the boost, you’re asked to provide your account number.
4. An email informs you that an unauthorized person tried to access your account and you must click on the included link to reset your password.
5. An email from an e-commerce site you frequent about a problem with your payment has numerous misspellings.
6. Your bank sends you a text asking you to confirm your checking account number.
7. A financial planner emails from the company where your 401(k) is invested, but there’s no contact information or email signature.
8. A text informs you that your account has been suspended and to reinstate it, you must reply with your account login credentials.
9. You receive an email from someone you don’t know requesting you to download an attachment.
10. An email from an online payment service informs you of a discrepancy with your account. To rectify the situation, you need to click the included link and log in to your account.
11. A bank sends you an email informing you of an inheritance from a deceased relative and that you must contact them to claim it.
12. A message invites you to download a shared document from Dropbox or to view one on Google Docs.
If you answered “phishy” to each one of these, you’re correct. We’re not out to trick you, so we wanted to provide you clear examples of what you might experience when being targeted by a phishing scam.
Curious to know more about each scam? Here’s a bit more about how these schemes work, how to spot the warning signs and ways that you can maintain your privacy.
1. Scammers bet that a sense of urgency and alarmist tone will cause you to freak out and do what’s asked of you immediately.
2. An email or voice message has more credibility when someone in a powerful position sends it. That’s why fraudsters imitate authoritative figures. The wonky email address, however, is a dead giveaway.
3. If a legit financial institution is offering you a credit limit increase, they have access to your account. You don’t need to provide them the details.
4. You should always be wary when asked to click on a link in an email. To determine whether a URL is real or fake, hover over the link with your mouse. If the URL differs from what you know it to be or what appears in the email — any slight misspelling or tiny change matters — don’t click.
5. Businesses always put their best foot forward. So bad grammar and misspellings are dead giveaways that an email is fake.
6. Think about it: Your bank created your account number. It never needs you to confirm it.
7. Legitimate businesses always provide contact information, so a lack of details should make you suspicious.
8. Reputable businesses never suspend customer accounts out of the blue or ask customers to share their login credentials.
9. Scammers use attachments to transfer dangerous viruses and malware to your computer. Malware can spy on you without your knowledge or steal your passwords. To keep your personal information private, only open attachments you are expecting — even if they’re sent by someone you know.
10. It’s unlikely that a legitimate payment service or financial institution is going to ask you to click a link to log in. Before clicking, test any link by hovering your mouse over it. If it looks strange, don’t click. Or type the address directly into a new window and look for its secure certificate.
11. This one is pretty easy to see through. If a family member has died, you’re probably going to know about it already. (Why would your bank know before you?)
12. Sharing documents via an external storage or cloud system is more common than ever, making it an appealing target for scammers. If you frequently use one of these storage systems, protect your account with two-step verification.
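The hover check from items 4 and 10 can also be done automatically on an email's HTML. The following is an added example, not part of the original article: it flags links whose visible text shows one address while the link goes to another, and links whose host is a near-misspelling of a site you trust. The `TRUSTED` list, the sample email and the `bank.example` domains are constructed for illustration.

```python
import re
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"bank.example"}  # assumption: the sites you really do business with
DOMAIN = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})")
# Constructed sample email body using reserved example domains.
SAMPLE = """<p>Reset your password: <a href="https://bank.example.account-reset.test/login">https://bank.example/reset</a></p>
<p><a href="https://bamk.example/login">Log in here</a></p>
<p><a href="https://www.bank.example/help">Help center</a></p>"""

class Links(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def bare(host):
    return re.sub(r"^www\.", "", host.lower())

def lookalike(host):
    """True if host is not a trusted domain or subdomain but is spelled almost like one."""
    if any(host == t or host.endswith("." + t) for t in TRUSTED):
        return False
    return any(SequenceMatcher(None, host, t).ratio() >= 0.85 for t in TRUSTED)

def check_links(html):
    parser = Links()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        real = bare(urlsplit(href).hostname or "")   # where the click really goes
        shown = DOMAIN.search(text.lower())          # address displayed to the reader
        if shown and bare(shown.group(1)) != real:
            findings.append((real, "mismatch"))
        elif lookalike(real):
            findings.append((real, "lookalike"))
    return findings
```

Calling `check_links(SAMPLE)` reports the first two links and leaves the genuine help link alone.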
Phishing poses a significant threat to your personal information and knowing how to ID a phishing attack is often the best defense.
After all, if you fail to take the bait, the phisher will swim on.