Ultimate guide to avoid phishing scams

Nicole George
NG
Nicole George
Apr 12, 2018

Technology makes everything easier. Unfortunately, it can also make it easier for criminals to steal your personal information. One of the most successful ways they’re stealing sensitive information from consumers, businesses and even government offices is through phishing scams.

Your best defense against phishing is awareness – knowing what phishing is, how to spot it and how to avoid it. You don’t want to become a statistic — the FBI’s Internet Crime Complaint Center reported that people lost $30 million to phishing scams in 2017. So, we’ll offer insight into phishing examples and how to avoid phishing, so you can remain vigilant against the many attempted scams out there.

What is phishing?

According to the Federal Trade Commission (FTC), “phishing is when someone uses fake emails or texts – even phone calls – to get you to share valuable personal information, like account numbers, Social Security numbers or your login IDs and passwords.

Scammers then use this personal information to steal your identity and/or money, hack into your computer or personal accounts, contact others in your network (pretending to be you) to take their information and more.

Phishing examples

Phishing email

Phishing emails are some of the most common phishing scams. These emails attempt to get your personal information either through a response from you or getting you to open an attachment or click a fake link.

Phishing emails commonly come from unknown or suspicious senders, will not address you directly by name and may have multiple recipients. Furthermore, the email may have been sent at non-business hours and include unnecessary links or attachments.

Ways to avoid email phishing scams

  • Investigate the sender – Phishers may try to throw you off by changing the “From” to something more representative of their scam. For example, it might say “Customer Support” to create a false sense of credibility. View the details of the email to find the sender’s actual email address.
  • Hover your mouse over any links – Before clicking on any links, hover your mouse over it and examine the web address. If it looks suspicious, do not click the link as it could take you to a fraudulent website or install malware.
  • Look for bad spelling/grammar – You may notice frequent spelling or grammatical errors, or that the email was written in all caps. This can be a sign of a phishing attempt, especially if the email claims to be from a reputable business.
  • Don’t open images or attachments – Unless you know who the sender is, avoid opening any attachments. They may look harmless, but they may also be a virus or malware in disguise.
  • Create email spam filters – The best way to avoid phishing emails is to never receive them in the first place. Create email filters to block spam and unwanted attachments or images.
  • Report it – If you receive an email you believe to be a phishing attempt, forward the email to the FTC at spam@uce.gov.

Ways to avoid email phishing

  • Investigate the sender – Phishers may try to throw you off by changing the “From” to something more representative of their scam. For example, they may change it to say “Customer Support” to create a false sense of credibility. View the details of the email to find the sender’s actual email address.
  • Hover your mouse over any links – Before clicking on any links, hover your mouse over it and examine the web address. If it looks suspicious, do not click the link as it could take you to a fraudulent website or install malware.
  • Look for bad spelling/grammar – You may notice frequent spelling or grammatical errors, or that the email was written in all caps. This can be a sign of a phishing attempt, especially if the email claims to be from a reputable business.
  • Don’t open images or attachments – Unless you know who the sender is, avoid opening any attachments. They may look harmless, but they may also be a virus or malware in disguise.
  • Create email spam filters – The best way to avoid phishing emails is to never receive them in the first place. Create email filters to block spam and unwanted attachments or images.
  • Report it – If you receive an email you believe to be a phishing attempt, forward the email to spam@uce.gov.

Social media phishing attempts

With the rapid rise and popularity of social media platforms and dating sites, phishers are turning to them more and more to commit their crimes. In these attempts, scammers may try to pose as a friend or romantic interest, or they may simply scan your profile for any personal information. 

Social media phishing

With the popularity of social media platforms and dating sites, phishers are increasingly using them to commit their crimes. Social media phishing scams include posing as a friend or romantic interest or simply scanning your profile for personal information.

Ways to avoid social media phishing

  • Limit what you post – Excited about your new driver’s license picture? Pumped about a recent move? That’s great, but keep addresses and personal ID numbers off social media. Any personal information you post makes it easier for scammers to exploit it.
  • Don’t assume all surveys are harmless – We all love a fun, random survey on social media, but be careful of what information you’re giving away. Seemingly harmless questions such as “What is the name of your first pet?” or “What was the model of your first car?” are often used as security questions. If a scammer gets the answers to these questions, they could use them to bypass password and login security defenses.
  • Be suspicious of people you don’t know – Social media is all about connecting with people, but be suspicious of why a random person may want to connect. Are they claiming to be a distant relative or long-lost friend? Or perhaps they’re head-over-heels in love with you after a two-sentence conversation? If you don’t know them personally, be suspicious of their true identity and intentions.
  • Verify who you’re talking to – Scammers may create a fake identity and message you pretending to be them. This is called “catfishing.” They may ask for money or get you to “verify” information about yourself or others. If you get a message from a friend or family member that seems a little off, call or text the person to verify they sent you the message, not someone pretending to be them.
  • Avoid fake social media websites – Phishers will sometimes create a fake website that resembles other popular social media destinations. There will likely be areas to enter your username and password and, once you do, they have it. Carefully examine the URL for errors, such as “facebook.net” (instead of facebook.com). Also, if you get a link to a social media site in an email, do not click the link. Instead, enter the web address in your browser to ensure you’re navigating to the correct site.

Text message phishing

Phishing scams via text message — aka “smishing,” because the attempt comes over SMS — are also becoming more common. Here, scammers often pose as representatives of companies trying to get you to enter personal information or purchase discounted goods/services that don’t exist.

Ways to avoid text message phishing

  • Search the number – Type the number into your web browser to see where it may have originated. Don’t rely solely on this, however, as some of the more sophisticated phishing attempts may use fake numbers.
  • Look for phishing warning signs in the message – Does the message claim you’ve won a contest you didn’t sign up for? Is an urgent message imploring you to take immediate action? If so, it’s likely a phishing attempt to be avoided.
  • Block texts from the internet – Most scammers will send you a text over the internet instead of by phone because it’s harder to trace and they can send many messages at once. Contact your service provider and ask them to block SMS messages sent over the internet. If they offer the service, and most large mobile providers do, that will prevent many of the large-scale text phishing scams from ever reaching your phone.
  • Reach out to the business directly – If you get an urgent message from your bank, credit card company, etc, call the customer service number listed on your last statement and speak with someone directly. Don’t call or text the number that contacted you. If they have no knowledge about the message you received or the problem with your account, the message was likely a phishing attempt.

Phone call phishing

Though less common than email or text phishing scams, phone calls are just as dangerous. These calls may come as an urgent message, such as “This is the IRS Audit Department. Our records show you owe $500. If this payment is not made immediately, we will take legal action, which could result in six months’ jail time. Confirm your address and social security number to continue.

The callers are often aggressive and try to make you feel there is no other option than to immediately comply with their demands. Do not give any information over the phone if you do not know the caller.

Ways to avoid phone call phishing

  • Use Caller ID and voicemail – Take a look at who’s calling before you answer. If you don’t recognize the number, let it go to voicemail. Most phishing callers will not leave a voicemail because it leaves a record of their scam.
  • Call them back – If the caller claims to be from a business or government office, ask to call them back. Keep in mind the caller could give you a false callback number, so use the official customer service number from a recent billing statement or search for it online.
  • Ask for it in writing – Federal and state laws give you the right to receive written verification of a debt. If a caller claims you owe a debt you’re unaware of, ask for it in writing and do not give any information other than your mailing address.
  • Hang up – If something doesn’t seem right at any point in the call, hang up.

Protect one of your largest assets and keep a peace of mind. Use Allconnect to evaluate home security providers and features.View security plans

Best practices to avoid phishing

No matter which way a scammer attempts to contact you — email, call, text or social media message — there are some common things to look out for and best practices to avoid phishing scams.

  • Incredible offers – Don’t buy into promises of large sums of money, extreme discounts for services, free stuff or other tempting offers. If it sounds too good to be true, it most likely is.
  • Account/password “verifications” – Messages instructing you to enter or verify your username and password likely just attempt to steal them. Visit a verified website or call the number from a statement to confirm if your account needs verification.
  • Overly friendly/flirty – If someone seems a little too friendly, especially someone you don’t know well, they may be trying to get information from you. Don’t share any information with strangers and call or text a friend who asks for something through social media.
  • Demanding/urgent messages – Phishers often try to get what they want from you as soon as possible, lest you have the opportunity to think about it and uncover their scam. To expedite their efforts, they may threaten you with cancellation of services, fines and legal action, including jail time, if you do not immediately comply.
  • Non-conventional payment methods – Be wary of anyone who asks you to pay for goods or services with gift cards or money transfers. Scammers often prefer these types of “payment” as they are quick and make it nearly impossible to get your money back.

If you’ve encountered any of these warning signs recently, you may have already been targeted. It’s important to know what to do if you’ve been a victim of phishing scams and to act quickly to minimize potential consequences.

Are you a victim of phishing?

If you think you’ve been a victim of phishing scams, it’s important to act quickly to minimize the potential damage.

  • For stolen login IDs/passwords – Change your password immediately. Monitor your account closely for any suspicious activity.
  • For stolen banking or credit card information – If you have given away banking or credit card information, call the business immediately and inform them of what happened. They may have to cancel your current card and send you a new one or close down an account.
  • For payments via gift card or money transfer – The money spent is likely lost, but you should report the incident to your local police department so they can keep an eye out for similar reports.
  • For theft of personal information – If information lost could be used in identity theft, such as your Social Security Number, Medicare information, passport numbers or more, fill out a report with the FTC at IdentityTheft.gov.

No matter how vigilant you are, you should always take steps, such as upgrading your router’s security settings, to protect your identity online. Get more information and expert advice on protecting your identity, home security and more in our resource center.

Shop internet plans