Don’t Let Phishing Scams Reel You In

Don’t let Phishing Scams Reel You In

As online scams go, email phishing is one of the oldest tricks in the book. You know how it goes:

• “You’ve won a $10,000 cash prize! Click here to claim your reward!”
• “Save thousands with these free coupons! Click here to redeem…”
• “The Federal government has selected your home as a test site for a state-of-the-art, energy-efficient air conditioning unit. Click here to see how it may affect your tax return!”

The truth of these emails is: you haven’t won $10,000, you don’t need the special coupons to save thousands and the Federal government would never randomly send you an email telling you its using your home as some sort of HVAC guinea pig. And by clicking on any of the links in the emails, you’re likely rolling out the red carpet for cyber criminals to steal your personal private information.

Hundreds of thousands of emails like this are sent by hackers every day. They do it knowing that 99.99% of them will be filtered by a well-functioning email server’s firewall settings or ignored and trashed if it does make it through to someone’s inbox. It’s that .01% of people who click on the link that keep the criminals in business. It is tempting to click on a link when you see what looks like a great deal.

Text message phishing has grown in popularity. The concept is the same, but the messages are more succinct. Imagine you get a text message alert on your phone. It’s from a number that is not in your contacts. You open it up and it reads like this:

“Recent purchase of $483.64 is confirmed at www.amazn.com from your card. Call us on 18447220348 if not you.”

This is a classic example of a phishing text. If you know what to look for, it’s easy to spot the clues that reveal it’s a fake:

1. The phone number from which it came is unrecognized to you.
2. Multiple grammatical errors show that it was put together hastily.
3. The web address to confirm the purchase is spelled incorrectly.
4. After doing a little bit of research, you confirm that the phone number isn’t listed on any Amazon.com page as a valid customer service line.

Those reasons alone are enough to recognize that it’s false. Additionally, if you are keeping a close eye on purchases from your Amazon.com account, you will know that there was never an order placed for that amount. When you put it all together, the sensible thing to do is ignore the message or swipe it to your deleted items.

To combat the seemingly endless string of these messages, there are a number of things you should do—and not do.

Do

• Be suspicious if you are asked to wire a portion of funds to a company or an individual.
• Be wary of lotteries or free trials that ask for your bank account number or to click for more information.
• Keep an eye out for irregular spellings of words or website addresses.
• Verify if the sender is an official email or phone number of the vendor it is representing.

Don’t

• Don’t trust the appearance of emails or text messages, it’s easy for cyber criminals to make them look legitimate.
• Don’t click on any links or accept any offers in the email or message unless you’ve confirmed that it’s a company with whom you have a relationship.
• Don’t click on links in an email to verify your bank account.
• Don’t send a reply email or text message to confirm that you have received the original message.

If you think you may have accidentally clicked on a link or responded to a phishing attempt, there are several steps you should take:

• Call your bank and credit card companies to cancel any debit or credit cards you have open.
• Keep a close eye on your bank and credit card statements for the next 30 to 60 days to make sure there are no unknown charges.
• Update and change your passwords to Online/Mobile Banking, online retailers or other sites.
• Lock your credit and debit cards until you are able to verify if anything has been compromised.
• Run a security scan on your computer or smart phone to detect any malware that may have been downloaded.
• Sign up for a credit monitoring service to receive alerts and notifications about any suspicious activity.

The best protection against a phishing attempt is being diligent and recognizing that not all messages are what they seem. Resisting the urge is the best defense against these practices.