How to Recognize and Avoid Phishing Scams
Prevent Yourself From Becoming A Victim
Phishing is a kind of social engineering cyber-attack that tries to trick you into revealing sensitive information. The information could then be used against you to access your financial accounts, social media platforms, email, phone, and more.
Attackers leverage human emotions to trigger a response. They may pose as a family member, a friend, a coworker, or a stranger in need. They will try to get you to take an action that goes against your best interest, like clicking on a link, downloading an attachment, or sending sensitive information.
They try to convince you to perform these actions by creating a fraudulent scenario such as offering large sums of money, threatening you with late fees, or claiming your account has been locked due to suspicious activity. These attacks are tremendously effective and dangerous. All it takes is just one click.
Here are the different types of phishing attacks and tips for protecting yourself.
Spearphishing - Spearphishing takes aim at specific people and organizations. Attackers collect information from social media platforms, public forums, major data breaches, and other routes. The probability of a successful spearphishing campaign increases significantly when the victim believes they are communicating with someone they know. An attacker can impersonate anyone by disguising their email address or phone numbers to reflect a person that you are familiar with.
Vishing - Vishing is accomplished through voice calls. A common example of vishing includes a call from someone claiming to be a representative from Microsoft. This person may inform you that they have detected a virus on your computer. The caller may ask for your credit card information and explain that an updated antivirus software must be purchased and installed. The attacker would then have your credit card information and you will have likely installed malware on your computer, instead of an actual antivirus.
Smishing - Smishing uses text messaging or short message services (SMS) to carry out an attack. A common example of smishing includes a message delivered to your phone through SMS that contains a clickable link or a return phone number that the attackers want you to call. The attacks may appear to look like they are from reputable sources like your financial institution. The message may tell you that your account has been compromised and that you need to respond immediately. The attacker will ask you to verify your account number, social security number, birthday, and other sensitive information. Once the attacker has collected enough of your personal information, they may gain access and control of your banking accounts.
Unsure If This Could Be An Attack?
No matter if it is by email, text, voicemail, or letter, it may not always be obvious when you become a target for an attack, so it is important to always ask yourself the following questions:
Am I familiar with the sender?
Does the message contain poor grammar or mispelled words?
Are there any suspicious links or unexpected attachments?
Does the message offer unrealistic promises like large sums of money?
Does it plead with you to click a link, download something, or send personal information?
Does it threaten you by saying an account has been hacked or that you’re facing legal action?
It is important to consider these factors with every form of communication, especially when you’re being asked to take action or if the communication is giving you a sense of urgency. If you receive a communication concerning your banking account, stop! Think and consider the questions above. If you are unsure, call your financial institution directly and ask if they sent you the communication. Always remember to think before you click.
Get more insight on recognizing and avoiding scams with this helpful article from our free online financial education tool, Banzai. For more information, you can visit the Scam Alert page on our website for the most recent COVID-19 scams. If you feel you may have been the target of a scam, or would like more information about how to better protect your identity, please contact First Source at 315-735-8571 to report any activity that might seem suspicious to our Member Care Center. You can also visit our Identity Protection page to learn additional ways to keep your information and accounts safe.
Bring This Session to a Live Setting
If you would like to schedule our Community Educator for a seminar or workshop for any Financial Friday educational topic, please email your request to FinancialEducation@fsource.org
Interested in learning more? There are also additional resources which have been created specifically to help you gain financial freedom. Feel free to use these anytime.