Protect Yourself From Common Phishing Scams

Cartoon man carrying out a phishing scam on a computer.

Phishing is a very real threat to all of us. It’s the use of deception to trick people into providing private information. This might include credit card data, passwords, or other financial information. It might also include getting an unsuspecting individual to perform a task, such as clicking a link or completing a wire transfer.

Types of Phishing

Email Phishing

Email phishing scams are the most common. The scammer is posing as a legitimate business or organization. The subject line of a phishing email is specifically designed to get you to open the message. Once an email is opened, the content is focused on getting you to click on a link. An example of this might be an email that looks like it’s from your credit card company or financial institution telling you that your account has been compromised and asking you to reply immediately.

Smishing

Smishing is the use of text messages rather than emails to carry out a phishing scam. Rather than an email, the victim will receive a text from what seems to be a legitimate source, which may contain a malicious link. They request a person take immediate action and when a link is clicked, malware may be installed on a user’s device.

Social Media Phishing

Social media phishing is when a scammer uses a social networking site, such as Facebook, Twitter, or Instagram to obtain personal or sensitive information. Similar to email phishing, hackers are posing as a legitimate or trusted source or a well-known brand and trying to lure a target into clicking on a malicious link.

Social media phishing is becoming one of the most common phishing scams. The Federal Trade Commission (FTC) reported a huge spike in social media scams in 2021. According to their report, social media is highly used in investment scams, particularly those that involve phony cryptocurrency investments. The FTC reported that more than half the people who reported losses to investment scams in 2021 said the scam started on social media.

Fake Website Phishing

Fake websites generally work in conjunction with phishing emails. An email provides the link to a fake website and once you click on it, the site asks for a password or account information. It may even install malware on your device. The fake website might contain just a subtle change to a well-known URL to trick a user into clicking it.

Vishing

Voice phishing or vishing is when a scammer calls a target and creates a sense of urgency luring you into providing information. An example may be a call pretending to be the IRS asking for your social security number.

How to spot common phishing scams

An out-of-the-blue email or text from a company you know or trust might be a phishing scam. They claim there is a problem with your account or with your payment information. They ask you to provide personal information or account numbers. They request you to click on a link or fake invoice. To identify phishing scams, look for:

• Poor grammar or misspelled words.

• No real contact information on a website.

• Shortened links.

• Fake brand logos

• Messages about high-pressure situations designed to panic you.

• Suspicious links or attachments.

• Too good to be true offers or a government refund.

• A caller number that comes from an unusual location or is blocked.

• A request for personal information that seems unusual.

Protect yourself so you don’t get hooked by a scammer on a phishing expedition!

1. Protect your computer by using security software and setting the software to update automatically.

2. Protect your mobile device by setting software to update automatically.

3. Protect your accounts by using multi-factor authentication. This will require two or more credentials to log into your account.

4. Protect your data by backing it up.

5. DO NOT click on-site links in an email unless you are absolutely sure what they are and who they are from.

6. Check a link by hovering over it before clicking. You can hover over the link and see what it looks like. If it’s not the URL of a legitimate company or organization, do not click. It might look legitimate, but there could be a slight change.

7. Check for the padlock icon in the browser bar of your search engine. If you don’t see it, it’s a problem.

8. If you’re unsure about an email, text, or call, go right to the source. If they say they are from your credit card company and that your account has been compromised, get the contact number from the back of your credit card, and call the credit card company directly and ask if they contacted you via email or phone. Chances are the answer will be no.

Report a Phishing Scam

Your credit union will never email or call you to provide your password or social security number over the phone or via email or text. They will only ask you to provide personal information to verify an account when you call them directly.

If you ever suspect a scam, contact your financial institution, and report it to the FTC.

Greg Quinn