Have you received emails, text messages, or phone calls that appear to be from a company you recognize? These might be phishing messages, which aim to steal your personal information and money by getting you to click on a malicious link or download an attachment with malware. Scammers use pressure tactics, threats, or too-good-to-be-true offers to grab your attention and get you to hand over sensitive information. Unfortunately, phishing is the biggest cybersecurity threat right now to individuals and businesses. Learn how to spot a phishing scam so you can protect yourself from identity theft.
Common signs that an email could be a phishing attempt
A lot of the time, phishing emails will claim that the recipient has been the victim of some sort of fraud, whether it be a breached account or a fake invoice from a website you use. Always be cautious of emails that claim to be alerting you of fraud, since most companies will not reach out via email to relay this information.
Look at the text carefully. Are there any typos or grammatical errors that suggest the email was not written by a legitimate company?
Think before you click: hover your cursor over any links within the email before you click them. Check to see if you recognize the URL; if you don't, do not click on it. If the URL seems similar, be sure that there are no misspellings in the web address. For example, be sure that the website does not say something like "http://www.amazong.com/refund" since many scammers will use URLs that are similar to recognizable businesses to trick you into thinking that they are legitimate. If you are on mobile and don't know how to check the link source before you click it, just don't click it at all.
Think critically about any communications you receive. Think about the possible ulterior motives of the sender, and carefully consider any actions that they might be requesting. If they are asking you to send an emergency payment via cashier's check through overnight mail or a gift card, these are signs that you are being targeted by phishing scammers. Legitimate companies do not demand immediate action. You can always call the company in question directly from the customer service number listed on their official website. If there is a true issue with your account, you will have time to resolve it.
Does the offer seem “too good to be true”?
Be wary of any free offers. Many scammers will use the offer of something free as bait for their phishing scam. You may need to sign up or otherwise provide information to redeem the free offer, which is the ultimate goal in this scam.
Scammers will also dangle in-demand products at unbelievable prices, such as a big discount on the latest video game system or smart watch. If you search for the item on the web and see one of these offers from an online retailer you’ve never heard of, it’s likely too good to be true. When shopping with a retailer you’ve never tried before, read customer reviews before making a purchase.
Don’t download unexpected attachments
Don't download anything from an email unless you know exactly who is sending it and you were expecting an attachment. This is the fastest way to infect your computer with a virus or some other malware that could get your information stolen and either used against you or sold to cyber criminals who would use it against you. Cybercriminals target your emotions and mental state in hopes of tricking you into acting impulsively. Always think before you click.
Keep your passwords private
Don’t share your login credentials with anyone. Use unique passwords for each online account—a password manager can help generate and store unique logins for you so you don’t have to remember them on your own. Create a semi-regular schedule for changing your passwords and, if you make them up on your own, aim for longer passwords, a mix of characters, and no personally identifiable information such as your birthday.
The same rule applies to temporary passcodes used in multi-factor authentication. Legitimate companies will never ask for your authentication code.
Don’t fall for phony customer service numbers
These days all large companies use automated phone systems for their customer service numbers. So, if you call the number listed in an email you receive and it’s not a toll-free 800 number or a real person answers straight away, something phishy is going on. If you’re not sure, contact the company in question through their official website. Finally, never share sensitive information such as full account, card, or social security numbers over the phone. Legitimate customer service reps may ask for the last four digits, but they will never ask for the entire number or other sensitive information such as your login credentials.
Why do cybercriminals want my login information?
Believe it or not, your login information can be just as valuable to scammers as your bank account information. With access to your email address and password, they can look for clues in your account to create highly targeted phishing attacks against you, the company you work for, or your relatives. Your login credentials can also be sold for money on the dark web.
The most common way for scammers to steal your credentials is with fake login pages that trick you into entering your username and password. You may even be redirected to the real website after you “log in” so that you don’t realize you’ve been tricked.
How To Identify Fake Pages
- Make sure the website address starts with “https://” (the ‘s’ stands for secure).
- Check the domain name to verify it’s spelled correctly.
- Use a saved bookmark to visit your most frequent websites instead of clicking through an email link.
- Look out for grammar and spelling errors on the website itself that suggest an unprofessional job.
- Check the Contact Us page to see if there is a real phone number and address.
Have questions? Contact us today!
Lincoln Savings Bank is a full-service Iowa bank dedicated to local customers and communities since 1902. If you have questions about the security of your account or phishing scams in general, contact us today!