What Does “Phishing” Mean?
Phishing is the term used to describe fraudulent attempts to obtain personal information via e-mail.
In addition to asking for sensitive information such as card, account, and social security numbers, these messages could contain links or attachments that download malware onto your computer or device.
Messages will initially appear to come from a legitimate source but can often be detected as fraudulent upon closer inspection.
Examples of How Phishing Might Look
Imagine that you are browsing your e-mails. You notice one appearing to come from your local credit union that is labeled Urgent: Account Locked, so you open it. The message directs you to click on a link and enter your password to enable access to your account.
You follow the instructed steps. A few days later you have trouble accessing your account. Once you do get logged in, you notice several funds transfers you did not complete. Unfortunately, you have become a victim of phishing.
Fraudsters are opportunists. This article from the Federal Trade Commission highlights how scammers are taking advantage of the recent Coronavirus outbreak to cash in. Chances are likely that you use one or more of the following well-known companies who have been impersonated in recent phishing scams.
Some users received an e-mail that falsely appeared to be from Netflix. The message stated that their Netflix account had been disabled and asked them to click a link to update their billing information.
Paypal has been impersonated in multiple phishing schemes. Most recently, reports from Threatpost list a new scam that requests an individual’s information down to photo identification. The victim receives an e-mail disguised as coming from Paypal.
The message informs them that their activity is limited because it appears that they logged on from a new device.
The e-mail directs users to click a link and update their personal data, which includes payment information, social security number, and even a picture of their photo ID or credit card.
There are several phishing scams through Facebook. Some ruses pretend to be Facebook to get users to enter their login credentials so that these can be stolen. Others take place within Facebook.
Links are sent through the Facebook messenger service, often appearing to be from friends, that could contain malware or attempt to obtain your personal information.
Amazon has also been impersonated in multiple phishing schemes like the ones above. One scheme more specific to Amazon is an e-mail that appears to provide package tracking information, only it is for an item you did not buy.
These e-mails contain links that could be harmful to your device.
Red Flags to Look For
- Check the sender of the e-mail carefully. Fraudulent e-mails frequently come from an address that is very similar to, but slightly different than, the company being impersonated.
- Multiple typing or grammatical errors could be a sign that a message is not legitimate.
- A message urging you to act immediately could be from a fraudster. Fraudsters try to pressure their victims to act before they have time to think things through.
- If you received an unsolicited message asking for personal details, this is likely to be a scam. Most companies don’t ask for personal information via e-mail, or if they do, it is in response to an action taken on your end. For example, if you request a password change, the company might send a link to complete this. If you didn’t request a password change and receive a related link, be suspicious.
How to Protect Your Information
With these schemes happening constantly, it is important to be proactive in ensuring you don’t become a victim. How do you protect your information?
- Use up-to-date anti-virus or anti-malware software.
- If in doubt, contact the company or individual directly. Use contact information, such as a telephone number, that is obtained outside of the suspect message.
- Don’t click on links within e-mails until you are positive it is legitimate. Hover over links without clicking on them to ensure the link is truly directed toward the proper website.
- Update your passwords frequently.
- Double-check the sender on messages.
- Always go directly to the site in question to update information rather than clicking on a link.
What to Do If You Have Been a Victim of Phishing
If you have been a victim of phishing, immediately take the following steps to ensure you don’t suffer any financial loss:
- Immediately change your passwords.
- Review any related accounts for any unauthorized activity.
- Contact the company that holds the possibly compromised account. They can assist you with proper steps such as resetting passwords and looking for suspicious activity.
- If you clicked on links, get your computer reviewed for malware or viruses.
- Contact the Federal Trade Commission to report and monitor identity theft.
- Report internet crime to the FBI’s internet crime complaint center or call your local FBI office.
These phishing schemes are not to be taken lightly. In the FBI’s 2019 Internet Crime Report, the phishing categories list 114,702 victims totaling $57,836,379 in losses.
For any questions on phishing or fraud, or to discuss keeping your account safe, 121FCU offers free financial counseling. Call and speak with a representative today!