I recently received an email from my bank asking me to update my login information. The email looked legitimate since the last four digits of one of my bank account number were provided in the email. But I quickly realized the email was a phishing scam to obtain my username and password to access my bank accounts. I called my bank immediately to report the security issue, and no harm was done.
But what if I had clicked on the link and entered my login information? The possible harm a phishing scam can do is scary. Cyber-criminals use phishing to trick you into believing you’re on a safe web page. If successful, they gain access and can ransack your emails, documents, photos or contacts. Just ask John Podesta, former chairman of the Democratic National Committee, whose emails were hacked. Cyber-criminals can also pretend to be you and send out harmful emails. Sometimes they use phishing to steal your identity or access your accounts, changing the login information and then shopping or make banking withdrawals without your knowledge.
How do you know an email is a phishing attempt? There’s no easy way –– no simple push of a button –– to avoid identity theft or sabotaged accounts in today’s fast-paced technological world. First, whatever you do, do not click on a link provided in an email. Instead, review the signs of a potential scam, as provided below. Then, follow the steps at the end of this article to decrease the chances of a security breach in the first place.
1. Partial Account Numbers
An email message showing the last 4 digits of your account number doesn’t make it legitimate. The account may have been hacked, and now the cyber-criminals are trying to trick you into taking another step to compromise additional data.
2. Confidential Information Requests
A legitimate business will never send an email asking for your social security number or EIN information. They also will not ask for your account number, credit card information or PIN number. Avoid responding to these types of emails.
3. Suspicious Email Addresses
If you receive an email from a legitimate business, the sender should use @domain name for the email address. Question emails sent from free email services.
4. Strange Content
Closely examine the content of the email. If the sender’s message seems less personal than expected, it may be a scam. Also, cyber-criminals use translation software to send emails in almost any language, but the software isn’t perfect. If you see grammatical errors, look more closely. Watch for links three to four lines long as this is another sign of a potential scam.
5. Unexpected Attachments
Never open attachments you’re not expecting. Even if you know the sender, be cautious. If you are not expecting an attachment, email the sender to ask if they sent it. You can also look at the attachment name. For instance, documents with .exe at the end are likely meant to harm your computer.
6. Attachments from Friend
Be careful when you receive an attachment from someone you do know. For instance, a vicious scam currently affecting Gmail involves receiving an email with an attachment from a friend. What you don’t know is the acquaintance’s account was hacked, and now the cyber-criminal are using it to snag more innocent victims. The scammers hope you’ll click on the attachment to see a preview. But instead of seeing the preview, a window or tab opens up requesting your login information to continue to Gmail. Everything looks normal. But it’s not – it’s a fake website created to steal your information and wreak havoc on your personal finance. Read on to learn how to recognize these hoax sites.
7. Fake Sites
Don’t assume a site with an appropriate logo and company name is legitimate. You must review the browser address to be certain:
Is the website address really long? If so, this could be a fake site. Look for a bunch of characters after the basic website address. If you see lots of text, this is most likely a text block containing a file to create a fake login page.
Does the address include https://? Sites that start with https:// are secure. If the address does not start with this, the link may be a phishing scam.ont
8. Unexpected Gifts or Freebies
Emails promising gifts, such as reward points, free vacations or gift cards, are scams if you aren’t expecting them.
9. Closing Account
If you receive an email indicating your account may be closed if you don’t act immediately, don’t panic and log in. Cyber-criminals have only a short amount of time to get you to act before the company finds out about the problem, so they want you to panic and log-in. Instead, contact the holder of the account directly to inquire if they are planning to close the account in question. You can also type the vendor's website address directly into your Internet browser, then click on your account to see what’s really going on.
10. Unauthorized Charges
Avoid emails saying you have unauthorized charges and must enter your login information at the provided link. The only way to verify if you truly have unauthorized charges is to call the vendor using a phone number you receive in your billing statement or on the back of a card. Or, type the name the creditor or bank directly into your Internet browser, and then log-in to see what’s going on with your account.