While many companies and financial institutions go the extra mile to implement advanced cybersecurity precautions to help keep their users safe, it’s important for consumers to feel prepared to spot fraud and protect their information as well.
Here, we break down some tips for recognizing phishing scams and to help keep your information and identity safe online.
What is phishing?
Phishing is a type of cyberattack where scammers will disguise themselves as a trusted source to try to get you to take an action like logging into your account, changing your password, transferring money, or installing software. The objective of these attacks—which can take place over email, text message, or phone calls—is typically to bait people into sharing personal or sensitive information and data that scammers can use for malicious intents, such as accessing personal accounts, stealing money, or identity theft.
How can you spot a phishing scam?
While some phishing scams may be easy to spot, that’s not always the case. And unfortunately, one of the problems with phishing scams is that they prey on fear and create a sense of urgency that doesn’t always lend itself to paying careful attention to detail. For example, the recent Zelle scams that impacted customers of several banks started with a fake text alert of suspected fraud. Asked to confirm or deny the flagged transaction, customers would then be contacted by a supposed bank representative and asked to provide their Zelle credentials to prevent the unauthorized transfer. Sure enough, those who cooperated with the phony reps unwittingly put their information directly into the hands of the fraudsters.
However, a closer look at this email—or any email—could help you catch common phishing warning signs. For the most part, these fraudulent messages often:
- Pretend to be from a company or person you trust
- Try to get you to click a link or open an attachment
- Warn you of suspicious transactions or login activity on your account
- Require you to confirm or provide personal information, such as your credit card information or social security number
- Send you a fake invoice or other false documents
- Ask you to make a payment via gift card or money transfer
- Say that you are eligible for a refund, free money, or free stuff
In addition to these telltale signs that you might have a scam on your hands, keep an eye out for other red flags, including spelling mistakes, poor grammar, generic greetings, urgent calls to action, and suspicious links or attachments.
What should you do if you think you’re the target of a phishing scam?
Even if some phishing attacks are harder to detect than others, you’ll often find that just one of the red flags above is enough to make you suspicious. If something seems fishy and you suspect that there’s a threat to your cybersecurity, here are a few ways to protect your information and identity:
- Take a minute. Resist the urge to act immediately or engage with the message in any way until you’ve looked into the situation further.
- Avoid providing any personal information. Legitimate companies, including your bank or banking institution, should never ask you to provide sensitive information over email or text.
- Log into your account. If you’ve been notified that something is up with your account or your information needs to be updated, go to your account separately using a familiar login—either on your app or online—and look for notifications or action items directly in the dashboard or account management tab.
- Contact the company. When in doubt, reach out to the company you supposedly received a message from via trusted methods (for instance, the phone number on your credit or debit card) to confirm whether or not the communication you received is legitimate.
- Report it. If you’ve confirmed that a message you’ve received is a phishing scam, make sure to report it directly to the company being impersonated so that they can take necessary actions to eliminate any risk to their customers. It’s also a good idea to report the fraud through the Federal Trade Commission.
For more information about phishing and tips to keep your identity and personal information safe from cyberattacks, see this article from the Federal Trade Commission.