
What Is a Phishing Attack? - 5 Ways to Recognize a Phishing Scam
You know scammers are out there, lurking behind friendly, seemingly legitimate emails and text messages. They attempt to get your personal information, often by asking you to click on a link. The link will bring you to a website that looks like a legitimate website, but it only exists solely for fraudulent purposes. Did you know that most phishing scams arrive by email? Just 1% attempt to scam you by phone. How can you recognize a phishing scam so you don’t fall prey to one? There are five common giveaways that an email may not be legitimate.
LESSON CONTENTS
1. Companies don’t request your personal information via email.
Unsolicited emails from a company that provide a link or ask you to verify your account details are often a scam. Companies don’t ask you for your bank account information or Social Security number.
2. Companies usually call you by name.
Scammers are sophisticated, but phishing attacks are usually sent to thousands of people at the same time. They often begin with something like, “Dear Customer” or “Dear Amazon Customer.” If this email was actually from your bank, your credit union, or a personal account, they would know who you were and call you by name.
3. Phishing emails prey on fear.
Common phrases used in phishing attacks are:
- Changes to your health benefits
- Action required: new login attempt
- Payment declined
- Security update required
- Important: please read
Sometimes scammers will send an invoice for something that you didn’t order in the hopes that you will click on the link they’ve helpfully provided to cancel this order so they can get your sensitive information.
Certain companies are impersonated more often than others. The most impersonated companies in the first quarter of 2021 were:
- Microsoft
- Amazon
- DHL
- IKEA
- Chase
- Rakuten
- PayPal
If you get an email from any of these companies, you should be suspicious. If you have any doubts, go directly to the website (DO NOT click on a link!) and log into your account. Some scam emails are one gigantic hyperlink, so if you click anywhere on the email, it will initiate a malicious attack.
Hackers are pretty good at recognizing opportunities. During times of general uncertainty, they know people are more anxious and might not be paying as much attention. At the start of the Covid-19 pandemic, phishing attacks increased significantly. During hotly contested political contests, they send out scam emails looking for contributions. The last round of stimulus checks brought a new set of scams.
If an email is targeted to you specifically, that’s called spear phishing. They could be after your financial information, but they could be gathering information to use later.
A newer scam is “sextortion”. Attackers claim they have video of you doing something compromising, and they ask for a ransom in exchange for not releasing the information. Delete the email immediately—they don’t have any such video.
Another thing you can do is enter the exact wording of the email message into a search engine. This will often identify scams.
4. Legitimate companies know how to spell and use grammar.
This is the easiest way to recognize a phishing scam. Legitimate companies employ people with excellent grammar and spelling skills to write emails for them. Did you know that hackers do this on purpose? They use awkward syntax and bad grammar as an attempt to pry on the uneducated.
If the email doesn’t read right, or there are errors especially in grammar or syntax, you should be suspicious.
5. Check the domain address.
This is often overlooked by even savvy consumers. Hover your mouse or your cursor over the link in the email address, and the destination address should appear in a bar along the bottom of the browser. If there is a string of random letters and numbers after the company name, it could be a phishing attack. Sometimes companies do include varied domains to send emails, in which case you should make sure that the link in the text matches the URL.
What to do if you’ve been phished.
If you think a scammer has obtained your information, go to IdentityTheft.gov and follow the instructions. You should also:
- Change all of your passwords immediately. You should change your passwords every three months or so, but especially after a phishing attack. Consider using a password manager to keep track of them all.
- Get anti-virus software and scan for viruses as soon as possible.
- Disconnect from the internet as soon as possible. You may be able to prevent the hacker from gaining remote access to your computer or from installing malware.
- Contact the company that was spoofed. Companies have departments dedicated to dealing with fraud. You can also report what happened to you to the Anti-phishing Work Group, which analyzes and works to prevent phishing attacks.
- Watch carefully for signs of identity theft. If you gave out financial information, check your bank accounts and credit card accounts for signs of fraud. You should also contact credit reporting agencies to let them know. Keep an eye out for new credit inquires that you didn’t authorize.
- File a report with the Federal Trade Commission (FTC).
- Don’t be too hard on yourself. While most people think they can recognize a phishing scam, hackers know that it only takes one moment of inattention.
Hopefully, you won’t fall victim to a phishing scam but if you do, you’re definitely not alone. Scammers send phishing emails because they work. Not clicking on random links or attachments will go a long way towards protecting yourself.
Related Resources
View AllHow to Spot Financial Grooming Scams
Scammers no longer rely on quick-hit phishing scams; instead, they patiently cultivate online relationships — a tactic investigators call financial grooming. This article unpacks how grooming scams unfold and the red flags to watch for. We also detail the practical actions you and your loved ones can take to shut fraudsters out.
How to Protect Yourself from Spear Phishing Attacks
Cyber threats have become increasingly sophisticated, targeting not just large corporations but individuals as well. Among these threats, the spear phishing attack is one of the most deceptive and damaging. So, what is a spear phishing attack, and how do you protect yourself?
Stay Safe in the End Zone: Avoiding Financial Scams During Football Season
Football season is a time for excitement, cheering on your favorite team, and creating lasting memories with friends and family. However, it's also a time when scammers are on the lookout to take advantage of distracted fans. From fake tickets to fraudulent online offers, football season provides scammers with numerous opportunities to trick unsuspecting victims. By staying alert and knowing how to spot common scams, you can protect your finances while enjoying the game.
Protecting Your Finances: Cybersecurity Best Practices
In today's digital world, protecting your finances has become more challenging than ever. With cybercriminals constantly devising new ways to access personal information and compromise accounts, it’s crucial to stay informed and practice good cybersecurity habits. Whether you're managing your finances online or simply browsing the web, knowing how to safeguard your data can prevent financial loss and protect your personal information from falling into the wrong hands.
Chip Card: What is an EMV Card?
Today, most debit and credit cards have multiple ways to transmit data and authenticate a payment. One such way is the small, square computer chips you see on the card. This is called an EMV chip and is used to help protect the user from fraud. Read this article to learn more about how EMV chips work and how they help keep your information safe.
EMV cards, often referred to as chip cards, represent a significant advancement in credit card security technology. The term “EMV” stands for Europay, MasterCard, and Visa, the three organizations that created the standard. These cards are equipped with a small, metallic square chip on the front, which is easily recognizable and distinct from the traditional magnetic stripe on the back of older cards. This chip is a critical component of EMV technology, designed to enhance transaction security and reduce fraud.
Bank Scams: What it is, how to prevent it & the different types
According to the Federal Trade Commission, there were 2.6 million fraud reports in 2023, with $10 billion lost to fraud. It can happen to anyone and is never something to be embarrassed about. It is important to recognize though that the first line of defense is you, so being prepared to safeguard your financial safety is crucial. If something happens, the sooner you reach out for help, the better position you’ll put yourself in.
How Can I Protect My Elderly Parent’s Money?
In today’s digital world, protecting your elderly parents’ assets is essential, as the consequences of financial vulnerability can be devastating. According to the FBI Elderly Fraud Report 2022, total losses reported by elderly victims increased 84% from the previous year to $3.1 billion.
Given the high stakes, you might wonder, “How can I protect my elderly parents’ money?” Navigating the complexities of financial security for elderly parents requires a blend of empathy, strategic planning and legal action. This guide equips you with the knowledge and steps necessary to secure your elderly parents’ financial well-being.
Avoiding Holiday Scams: From Phishing to Travel Frauds
The festive season is a time of joy, giving and celebration. But as you prepare to dive into the celebrations, you must be on guard against scams that could ruin your festivities. From convincing phishing emails decorated with jingle bells to too-good-to-be-true travel deals promising a winter wonderland, the tactics are endless and, sadly, effective.
Generally, financial institutions follow information security guidelines and never request personal or sensitive information. Therefore, any call or information request for your banking information, such as banking username and password, account number, routing number or social security number, should be treated with the utmost suspicion.
As technology evolves, scammers are getting more sophisticated. Some of their rackets appear genuine. Thus, you must be extra vigilant, especially during this holiday season. Here's a detailed overview to equip you against potential pitfalls.
Ensuring Member Data Security: How Credit Unions Safeguard Your Information
In an era marked by rapid technological advancements and the growing significance of data in various sectors, the safety and security of personal information have become paramount. Credit unions, financial institutions that serve their members' financial needs while operating as non-profit organizations, are no exception to this rule.
With the increasing reliance on digital platforms for banking and transactions, credit unions have taken robust measures to keep member data safe and secure. In this article, we explore the strategies employed by credit unions to protect their members' sensitive information.
What is Two-Factor Authentication (2FA)?
Two-factor authentication is a security process that requires two different authentication methods before granting access to an online account or system. Discover the benefits of two-factor-authentication and how to enable it to protect your information.
Navigating the New Normal: Software Updates and Working from Home
In our ever-evolving digital landscape, staying informed about software updates, and remote work safety is essential. As our lives continue to be shaped by technology, members must take proactive steps to ensure their financial well-being and data security. In this article, we'll explore the importance of software updates and discuss the challenges and benefits of working from home.
Guarding Your Finances: A Guide to Shielding Against Social Engineering and Phishing Attacks
In today's interconnected world, safeguarding your financial well-being requires more than just responsible money management; it involves protecting yourself from evolving online threats like social engineering and phishing attacks. This article aims to empower you with knowledge and practical tips to keep your accounts and personal information secure.