If you received a phishing email, would you be able to recognize it before it’s too late? Phishing is a crime in which identity thieves attempt to elicit sensitive, personal information from you by masquerading as a trustworthy source in electronic communication. For instance, an identity thief might pose as a friend, your bank, or your favorite charity in an attempt to get your credit card information, account passwords, and more.
Phishers can target you via email, text, social media posts, and pop-up ads, and they get more sophisticated in their efforts by the day. Here are some red flags to watch for and what you can do about them so you don’t become the next victim of a phishing scam.
Watch for Words Like “Verify” and “Confirm”
According to the Federal Trade Commission (FTC), three of the most common ploys used in phishing scams include emails or texts with the following messages:
- “We noticed a suspicious transaction on your account. To make sure your account hasn’t been compromised, please click the link below to verify your identity.”
- “During a review of our accounts, we couldn’t confirm your information. Click here to review and confirm your information.”
- “Your account has been overcharged. Please call within seven days for a refund.”
Financial institutions won’t ever ask you to verify or confirm anything that requires online log-in information. Your bank or other financial institution already knows this information; they won’t ask you for it.
Beware of Urgency
It’s every phisher’s dream to have you act first and think later, so creating a sense of urgency works in fraudsters’ favor. Legitimate entities don’t do this, so you should be instantly suspicious when you see it. For example, the email or text might say that you only have X days to respond or ask you to take immediate action of some kind. Remember that legitimate institutions will call, not email, you in the event of a true emergency. And, even then, they won’t ask for sensitive information; they typically just ask you to verify some activity on your account.
Look out for Illegitimate Links
Always be wary of emails that contain links. Often, phishers will include link text that appears legitimate, such as http://BankofAmerica.com. However, when you mouse over the link, you’ll see the actual URL to which it will take you. If the two are different, something is up.
When you mouse over the link, also make sure that it begins with “https://” so you know the site is encrypted. Finally, don’t be fooled by URLs that have some seemingly credible parts to them, such as “http://www.BankofAmerica-verification.com.” A financial institution wouldn’t have a separate website just for identity verification, so you know the site is a ploy.
Miscellaneous Red Flags
Here are a few hallmarks of phishing messages that you’ll want to watch for:
- Misspellings and typos. Legitimate emails won’t have misspelled words, poor or missing punctuation, and bad grammar. Emails from financial institutions and credible companies are well-polished and well-edited, so if you see mistakes, leave the email alone.
- Generic salutation. Phishing messages will often begin with nondescript salutations, such as “Dear valued customer” or “Dear account user.” Legitimate companies typically will use your actual name.
- Missing site key. If you go to a website that seems trustworthy, look for your site key before entering your log-in information. Site keys are images that you pick out when you create your log-in information. More and more financial institutions are using them to protect your credentials. If yours is missing, exit the site immediately.
- Suspicious attachments. Financial institutions usually don’t send attachments in their email communication. Downloading an attachment could lead to malware being automatically installed on your computer, so watch for high-risk attachments like .exe, .scr, and .zip.
What to do if You’re Victim of A Phishing Scam
Prevention is always the best online identity protection. Don’t click on links, call phone numbers, or download attachments included in suspicious emails. If you receive an email and have a concern about your account, call the number on the back of your credit card or go the company’s main website (not the one included in the email).
On the other hand, all is not lost if you realize you’ve fallen prey to phishers. Here are the steps you can take to minimize the risk to your identity and accounts:
- Update your antivirus program and scan your computer. Make sure you have the latest version of your antivirus software and run a full system scan.
- Get in touch with the credit bureaus. You can place a fraud alert on your credit with any of the three credit bureaus for free. This lets creditors know you might be an identity theft victim.
- Change your log-in credentials. If you revealed any log-in information, make sure you change your passwords immediately.
- Forward the email to the institution. Let the institution the phisher is pretending to be know about the email and forward it to firstname.lastname@example.org.
Phishers are coming up with more convincing messages all the time. With these tips, though, you have the knowledge you need to spot suspicious emails and take action to protect yourself.