Have you ever received an email or text that just didn’t seem right? Maybe it was addressed to you and supposedly from a company you knew, but something felt a little off? It may have been a phishing scam.
Phishing attacks happen when fraudsters try to trick you into sharing personal information like passwords or credit card data. These scammers may try to get you to click a link for what you think is a legitimate business or offer. Then, they hope you’ll enter your information on their fake website, which oftentimes match the look of the legitimate website. The link may also download malicious software that could harm your computer and steal information stored on it. Once fraudsters have your information, they may use it to try to get into your existing accounts or open new accounts in your name.
If you’ve clicked on a link you suspect was fraudulent, don’t be embarrassed. Scammers continue finding new ways to trick even the savviest among us. If you think you’ve given a scammer your information by accident, go to identitytheft.gov for specific steps to start your recovery from identity theft.
Phishing scams are quite common. In fact, throughout our Consumer Financial Hardship Study, people have reported phishing as the digital fraud scheme they’ve been targeted by the most. If you get the occasional email that looks “phishy,” keep reading for some tips to help you spot and avoid these scams.
Emails and texts full of grammatical errors were the work of old-school, unsophisticated cyber criminals. Scams are now harder to notice at first glance. A site where the URL starts with “https” may seem secure, but scammers can buy these security certificates for their own imposter websites to trick you into thinking it’s legitimate. Even if a site or email seems real, if you weren’t expecting a communication from the company, reach out to their customer service to double check.
These aren’t accidental typos like before. Scams tied to popular companies will use similar web addresses, but may have a URL that’s off by a single character. These similar, but fraudulent, web addresses may take you to a cloned website that looks identical to a company’s website where you normally do business. The scammer’s goal is to get you to enter your valuable information. Then, they can then try to use it for fraudulent purposes like taking out lines of credit in your name.
When cybercriminals send these links through email, they may try to hide or shorten links to make them hard to verify. Always be cautious with links in your emails. Many email providers provide a way to preview a link’s full web address without clicking on it. If you see a suspicious link in an email, hover over it with your mouse cursor. A pop-up or line should show up somewhere on your screen to show you the full address so you can see if it’s accurate.
Fraudsters can also turn to social media to carry out phishing scams. Of course, never click on a link from someone you don’t know. But even if a family member or friend shares a link you don’t recognize, it could be that their account has been compromised. They may not realize they’re unknowingly sharing a fraudulent site. If a message or post from a family member or a friend seems unusual, reach out to them offline or through some other platform about the suspicious message you received.
To help protect your credit from digital fraud, there are some helpful things you can do right now. For instance, you can place a fraud alert on your credit report. A fraud alert tells lenders to take extra steps to confirm your identity when you apply for credit. You can also get free identity protection from TransUnion’s TrueIdentity.
You don’t need to feel paranoid when going through emails, texting or interacting on social media, but it’s smart to remain on guard. Be wary when giving out personal information—it takes less time to check that a website is real than it does to clean up identity theft. By keeping your data identity safe, you can help prevent delays in future credit opportunities you may want or need.