No Phishing! How to Avoid Getting Scammed

These days, it’s easy to stay electronically connected to your accounts and the businesses you trust. But, more and more, online criminals are posing as familiar organizations to trick people into providing sensitive information or access to their accounts. They do this through a scam known as phishing.

How Phishing Scams Work
We’re used to communicating with businesses and organizations electronically. Scammers take advantage of this fact by sending phishing emails that appear to be from financial institutions, credit card companies, online stores, government agencies, and other trusted entities. These emails are designed to trick you into giving up personal information like account numbers, passwords, or your Social Security number. With this information, online scammers can get access to your banking or other accounts or install harmful software on your computer.

To lure victims into providing information, a phishing email may pretend to be a routine message, make a threat, or promise something you want. Phishing emails often appear legitimate by including a company logo or other familiar details, making them trickier to detect.

Look for Warning Signs
When checking your email, be on the lookout for these warning signs that could indicate a scammer is looking for your information:
• Look for messages that don’t address you by name or that contain typos. Typos are a red flag that the message might be phony.
• A phishing email may mimic a business’s website address but actually come from a different source. Look carefully to see if there’s a slight variation in the address that the email came from.
• Does the message contain an attention-getting subject line or an attachment or ask you to click on a link for more information? This may lead to a fake website designed by the scammers to capture your information or download malware onto your computer.

The body of a phishing email is designed to get you to respond in some way. The email may:
• Tell you there’s some suspicious activity or login attempts with your account
• Advise you that there’s a problem with your account
• Inform you that you’ve won something
• Ask you to confirm some personal information
• Include a fake invoice as an attachment
• Tell you there’s a problem with your computer that needs to be fixed
• Ask you to click on a link to make a payment or update payment information
• Say you’re eligible for a government refund

Scammers frequently update their methods, so it’s important to stay vigilant and practice caution when a suspicious message pops up in your inbox.

Don’t Get Hooked
There are several steps you can take to avoid getting caught in a phishing attack. Before you respond to any email:
• Ask yourself if the email is from a business or organization you requested information from. If not, it’s probably a phishing email.
• Verify any unsolicited request by contacting the business or organization directly through the information on their website or with the phone number you have on file.
• Remember that legitimate companies or government agencies do not ask for passwords, PINs, Social Security numbers, one-time verification codes, or account numbers in an email.

If you suspect an email is phishing for your information, don’t click any links or open any attachments. Report and delete suspicious emails right away.

How to Protect Yourself
While spam filters may keep a lot of phishing emails out of your inbox, scammers are constantly trying ways to outsmart them, so adding extra layers of protection is a smart move.

Set up two-factor authentication, so scammers can’t access your account with your password alone. This setting requires users to provide additional information, such as a confirmation code emailed or texted to you or a passcode from an authentication app to log in to the account. Two-factor authentication is an extra layer of security that makes it much harder for a criminal to break into your accounts.

If you get a phishing email, report it right away. The information you provide can help fight the scammers.
• Forward a phishing email to the Anti-Phishing Working Group at reportphishing@apwg.org.
• Report the phishing attack to the Federal Trade Commission (FTC) at reportfraud.ftc.gov.

What if You Responded to a Phishing Email?
• Don’t panic. If you think that a scammer has information such as your password, credit card number, bank account number, or Social Security number, immediately go to identitytheft.gov. You’ll find instructions on how to report the incident and what you should do next.
• Contact your financial institution or credit card company and let them know your account might be compromised.
• If you clicked on a link or think you downloaded a harmful attachment, update your computer’s security software and then run a scan to detect any problems. It’s a good idea to set the software to automatically update so it can recognize and handle any new security threats.

Know the signs of phishing and think before you click. If a phishing scam happens, you can avoid taking the bait. To learn more about protecting your information, talk to your financial institution today.