How to Spot and Avoid Phishing Scams


Key Takeaways:

  • Phishing scams involve scammers sending messages in hopes you’ll click on a link and provide valuable personal information.
  • Watch for subtle red flags in messages like grammatical errors and misspelled links.
  • Be cautious on social media — messages from family members and friends could be from accounts that have been compromised or fake accounts.
  • If you’re a victim of a phishing attempt, contact the companies behind any accounts that may be impacted, like your bank, and consider placing a credit freeze on your credit report.

Disclosure:

This post only contains educational information. No financial, tax or legal advice.

This information is for educational purposes only and we do not guarantee the accuracy or completeness of this information. This information does not constitute financial, tax or legal advice and you should consult your own professional adviser regarding your situation. This website may contain links to third party websites. We are not responsible for their content or data collection. Trademarks used in this material are property of their respective owners and no affiliation or endorsement is implied.

Have you ever received an email or text that just didn’t seem right? Maybe it was addressed to you and supposedly from a company you knew, but something felt a little off? It may have been a phishing scam.

What is a phishing scam?

Phishing attacks happen when fraudsters trick you into sharing personal information like passwords or credit card data. These scammers may try to get you to click a link for what you think is a legitimate business or offer. Then, they hope you’ll enter your information on their fake website, which often matches the look of the legitimate website.

The link may also download malicious software that could harm your computer and steal information stored on it. Once fraudsters have your information, they may use it to try to get into your existing accounts or open new accounts in your name.

How to spot a phishing email

Protecting yourself against phishing scams can help you safeguard your personal information and finances. Here are some things to look out for if you receive a suspicious message:

  1. There are obvious grammatical errors
  2. Domains are misspelled or shortened
  3. Communications from a business are unexpected

Be cautious of seemingly professional messages sent through email, messaging apps and text messages (smishing) that contain obvious grammatical mistakes. These can be a simple, obvious sign of unprofessional and potentially nefarious communication.

More savvy cyber criminals can make their phishing attempts seem more legitimate. For instance, a site where the URL starts with “https” may seem secure, but scammers can buy these security certificates for their own imposter websites to trick you into thinking it’s a safe website.

Scams tied to popular companies will use similar web addresses but may have a URL that’s off by a single character. These similar, but fraudulent, web addresses may take you to a cloned website that looks identical to a company’s website where you normally do business. When cybercriminals send links through email, they may try to hide or shorten links to make them hard to verify.

Even if a site, email or text seems real, if you weren’t expecting a communication from the company, reach out to their customer service to double check. If a company representative is contacting you out of the blue and requesting personal information, take a pause and consider reaching out to the company directly.

Pro Tip:

The scammer’s goal is to get you to enter your valuable information. Then, they can try to use it for fraudulent purposes like taking out lines of credit in your name. Be cautious when providing personal information online.

Be aware of social media phishing

Fraudsters can also turn to social media to carry out phishing scams. Of course, never click on a link in a private message from someone you don’t know. But even if a family member or friend shares a link you don’t recognize, it could be that their account has been compromised. Alternatively, they may not realize they’re sharing a fraudulent site. If a message or post from a family member or a friend seems unusual, reach out to them offline or through some other platform about the suspicious message you received.

Protection against phishing attacks

The best way to protect yourself from falling victim to a phishing attack is to avoid clicking suspicious links. If you see something that feels off, take the following steps:

Don’t respond immediately

Sometimes scammers may use urgency as a tactic to get you to respond quickly. They may say you’ve been locked out of an important account or that there was suspicious activity. Because you know it’s important to protect your valuable information, you may feel the urge to get to the bottom of it immediately. In situations like these, you can afford to take a breath and a couple of moments to consider whether it’s some sort of scam.

While some companies may send automated emails or text messages if there is suspicious activity on your accounts, they usually will not ask you to email or text private personal information related to that account.

Reach out to the company directly

If you receive an unexpected communication from a company, don’t use the phone number or email address provided in the suspicious email or text. Get the contact information from the company’s website directly. Tell the customer service agent about the type of communication you received and the email address it came from. They’ll be able to let you know if it is legitimate or not.

Taking time out of your busy day to contact customer service may seem like a chore, but that one call could save you a lot of time in the long run if it keeps you safe from identity theft and the accompanying recovery process.

Use link previews when possible

Many email providers offer a way to preview a link’s full web address without clicking on it. If you see a suspicious link in an email while you’re using a computer, hover over it with your mouse cursor. A pop-up or line should show up somewhere on your screen to show you the full address so you can see if it really belongs to the company. Previewing links on your computer or mobile device may work differently depending on your email provider or app.

What might be a phishing email?

Here is an example of what the body of a phishing email could look like:

[Image: phishing scam warning message claiming banking credentials expired and urging user to sign into account immediately]

Image for illustrative purposes only.

Why might this email be a phishing attempt? You’ll notice first that they lead with strong urgency in all capital letters. Then, they call the recipient “account member.” With important alerts specific to your account, you would want to see some sort of personal identifier to know it is not a generic or spam message meant to be sent to many people. The capitalization of “Risk” can also be a sign of unprofessional communication. To end, the sender asks you to provide valuable account information through the link provided, which is unusual and suspicious.

There are certainly instances in which your bank will want you to respond quickly to help keep your account safe. But the other clues, like vague directions and a direct request for personal information, are an indication the email isn’t legitimate. With phishing emails like this one, there may be several signs that something isn’t right. But even if there’s only one thing that gives you pause, reach out to the company directly or sign in to your online account, if you have one, to verify the alert.

What to do after a phishing attack

If you’ve clicked on a link you suspect was fraudulent, don’t be embarrassed. Scammers continue finding new ways to trick even the savviest among us. First, consider scanning your computer with antivirus or anti-malware software to check for any malicious programs that may have been installed. You should also change your passwords for important accounts, like your email, bank and social media accounts. Be sure to use unique passwords and enable multi-factor authentication if possible.

Consider placing a credit freeze and fraud alert on your credit report immediately to protect your data. If you think you’ve given a scammer your information by accident, go to identitytheft.gov for specific steps to start your recovery from identity theft.

There are additional steps to take to recover from the fraud, like contacting any companies where the fraud occurred and reporting the crime to local authorities. Time is of the essence, so responding quickly will help tremendously.

You don’t need to feel paranoid when going through emails, texting, or interacting on social media, but it’s smart to remain on guard. Be wary when giving out personal information — it takes less time to check that a website is real than it does to clean up identity theft. By keeping your data identity safe, you can help prevent delays in future credit opportunities you may want or need.

Even if you haven’t been a victim of a phishing attempt, there are things you can do to help protect your data identity from digital fraud.