While technology makes everything easier, from chatting with a coworker to paying bills, it unfortunately also makes it easier for criminals to steal your personal information. One of the easiest, most successful ways they’re stealing sensitive information from consumers, businesses and even government offices is what we call phishing.
One of your best defenses against phishing is awareness – knowing what phishing is, how to spot it and how to avoid it. This article will offer insight into all things phishing, so you can remain vigilant against the many phishing attempts out there.
What is phishing?
According to the FTC, “phishing is when a scammer uses fraudulent emails or texts, or copycat websites to get you to share valuable personal information.” The most common ways these scammers contact their potential victims is through email, phone and social media.
Scammers, or “phishers,” attempt to steal private information such as social security numbers, bank accounts, login IDs and passwords, credit card numbers, etc. Once they get your information, identity theft, financial theft and fraudulent purchases are all very real possibilities.
Warning signs of phishing
Because phishers use similar tactics to get personal information from you, it’s easier to spot warning signs.Here are some common red flags of potential phishing attempts to be on the lookout for.
- Incredible offers – Don’t buy into promises of large sums of money, extreme discounts for services, free stuff or other tempting offers. If it sounds too good to be true, it most likely is.
- Account/password “verifications” – Messages instructing you to enter or verify your username and password are likely just attempts to steal them. Businesses will never solicit you to enter or verify your account information via email or text message.
- Overly friendly/flirty – Most common on social media, this method of phishing tries to appeal to your feelings. Scammers may pretend to be an old friend or a romantic interest to build your trust, then trick you into giving up personal information or sending money.
- Demanding/urgent messages – Phishers often try to get what they want from you as soon as possible, lest you have the opportunity to think about it and discover their scam. To expedite their efforts, they may threaten you with cancellation of services, fines and legal action including jail time if you do not immediately comply.
- Non-conventional payment methods – Be weary of anyone who asks you to pay for goods or services with gift cards or money transfers. Scammers often prefer these types of “payment” as they are quick and make it nearly impossible to get your money back.
If you’ve encountered any of these warning signs recently, you may have already been a victim of phishing. It’s important to know what to do if you’ve been a victim of phishing, and to act quickly to minimize potential consequences.
Types of phishing and how to avoid them
Email phishing attempts
Perhaps the most common type of phishing scams, emails can include a number of phishing techniques. The scam may attempt to get you to respond with personal information, or click a bogus link that will take you to a fraudulent site or install malware.
Phishing emails commonly come from unknown or suspicious senders, will not address you directly by name and may have multiple recipients. Furthermore, the email may have been sent at non-business hours and include unnecessary links or attachments.
Ways to avoid email phishing
- Investigate the sender – Phishers may try to throw you off by changing the “From” to something more representative of their scam. For example, they may change it to say “Customer Support” to create a false sense of credibility. View the details of the email to find the sender’s actual email address.
- Hover your mouse over any links – Before clicking on any links, hover your mouse over it and examine the web address. If it looks suspicious, do not click the link as it could take you to a fraudulent website or install malware.
- Look for bad spelling/grammar – You may notice frequent spelling or grammatical errors, or that the email was written in all caps. This can be a sign of a phishing attempt, especially if the email claims to be from a reputable business.
- Don’t open images or attachments – Unless you know who the sender is, avoid opening any attachments. They may look harmless, but they may also be a virus or malware in disguise.
- Create email spam filters – The best way to avoid phishing emails is to never receive them in the first place. Create email filters to block spam and unwanted attachments or images.
- Report it – If you receive an email you believe to be a phishing attempt, forward the email to email@example.com.
Social media phishing attempts
With the rapid rise and popularity of social media platforms and dating sites, phishers are turning to them more and more to commit their crimes. In these attempts, scammers may try to pose as a friend or romantic interest, or they may simply scan your profile for any personal information.
Ways to avoid social media phishing
- Limit what you post – Excited about your new driver’s license picture? Or your recent move? That’s great, but keep addresses and personal identification numbers off social media. Any personal information you post makes it easier for scammers to exploit it.
- Don’t assume all surveys are harmless – We all love a fun, random survey on social media, but be careful of what information you’re giving away. Seemingly harmless questions such as “What is the name of your first pet?” or “What was the model of your first car?” are often used as security questions. If a scammer gets the answers to these questions, they could use them to bypass password and login information.
- Be suspicious of people you don’t know – Social media is all about connecting with people, but be suspicious of why a person may want to connect. Are they claiming to be a distant relative or long-lost friend? Or perhaps they’re head-over-heels in love with you after a two sentence conversation? If you don’t know them personally, be suspicious of their true identity and intentions.
- Verify who you’re talking to – Scammers may create a spoof account of one of your connections and message you pretending to be them. They may ask for money or get you to “verify” information about yourself or others. If you get a message from a friend or family member that seems a little off, call or text the person to verify they sent you the message, not someone pretending to be them.
- Avoid fake social media websites – Phishers will go to great lengths to steal your information. One tactic is creating a fake website that resembles other popular social media sites. There will likely be areas to enter your username and password and, once you do, they have it. Carefully examine the URL for errors, such as “facebook.net” (instead of facebook.com) or “p0f.com” (instead of pof.com). Also, if you get a link to a social media site in an email, do not click the link. Instead, enter the web address in your browser to ensure you’re navigating to the correct site.
Text message phishing attempts
Phishing attempts via text message, aka “Smishing” because the attempt comes over SMS, are also becoming more common. In these attempts, scammers often pose as representatives of companies trying to get you to enter personal information or purchase discounted goods/services that don’t exist.
Ways to avoid text message phishing
- Search the number – Type the number into your web browser to see where it may have come from. Don’t rely solely on this, however, as some of the more sophisticated phishing attempts may use spoofed, or fake, numbers.
- Look for phishing warning signs in the message – Does the message claim you’ve won a contest you didn’t sign up for? Or is an urgent message imploring you to take immediate action? If so, it’s likely a phishing attempt to be avoided.
- Block texts from the internet – Most scammers will send you a text over the internet instead of by phone because it’s harder to trace and they can send many, many messages at once. Contact your service provider and ask them to block SMS messages sent over the internet. If they offer the service, and most large mobile providers do, that will prevent many of the large-scale text phishing attempts from ever reaching your phone.
- Reach out to the business directly – If you get an urgent message from your bank, credit card company, etc, call the customer service number listed on your last statement and speak with someone directly. Don’t call or text the number that contacted you. If they have no knowledge about the message you received or the problem with your account, the message was likely a phishing attempt.
Phone call phishing attempts
Though less common than email or text phishing attempts, phone calls are just as dangerous. The callers are often aggressive and try to make you feel like there is no other option than to immediately comply with their demands. Do not give any information over the phone if you do not know the caller.
“This is the IRS Audit Department. Our records show you owe $500. If this payment is not made immediately, we will take legal action, which could result in 6 months’ jail time. Confirm your address and social security number to continue.”
Ways to avoid phone call phishing
- Use Caller ID and voicemail – Take a look at who’s calling you before you answer. If you don’t recognize the number, let it go to voicemail. Most phishing callers will not leave a voicemail because it leaves a record of their scam.
- Call them back – If the caller claims to be from a business or government office, ask to call them back. Keep in mind the caller could give you a false callback number, so use the official customer service number from a recent billing statement or search for it online.
- Ask for it in writing – Federal and state laws give you the right to receive written verification of a debt. If a caller claims you owe a debt you’re unaware of, ask for it in writing and do not give any information other than your mailing address.
- Hang up – If something doesn’t seem right at any point in the call, hang up.
Are you a victim of phishing?
If you think you’ve been a victim of phishing, it’s important to act quickly to minimize the potential damage.
For stolen login IDs/passwords – Change your password immediately. Monitor your account closely for any suspicious activity.
For stolen banking or credit card information – If you have given away banking or credit card information, call the business immediately and inform them of what happened. They may have to cancel your current card and send you a new one.
For payments via gift card or money transfer – The money spent is likely lost, but you should report the incident to your local police department.
For theft of personal information – If information lost could be used in identity theft, such as social security, Medicare and passport numbers, fill out a report at identitytheft.gov.