7 Common Phishing Scams To Avoid

Avoiding scams isn't always as simple as ignoring an email or phone call. Fraudsters will try a number of things. Be aware of these common phishing scams.

Remember, A+FCU will never email, call, or text you in order to reactivate or to restore account access or ask you for information such as your online banking password,  secure access code, debit card, or PIN information. We won’t send texts requesting you click a link to update your contact information. Fraudsters have ways to make calls and texts look like they’re from a business phone number you know, so it’s better to hang up and call back to protect your information. If you think you’ve been a victim of one of these scams, please call us at 512.302.6800.

“Account Compromised” is the subject line to an email that appears to be from your financial institution. You log on to your account only to see that everything is as it should be. You review the email once more. It’s being sent from a different sender and has misspelled words. It’s not even specifically addressed to you.

This is an example of phishing, the process of attempting to trick people into divulging personal information by appearing to be a legitimate source. Avoiding scams, though, isn’t always as simple as ignoring an email, call, or text. Fraudsters gain access to information in a number of ways.

Common Phishing Scams

Smishing

Smishing campaigns target mobile phone users, and the scam messages often look like they’re coming from a legitimate entity, such as the IRS or a credit union. You may receive messages regarding a package, prize, or locked or closed account, for example. If you click the link, scammers will steal or attempt to collect personal information.

Phishing

A study from October 2022 shows there was a 61% increase in the rate of phishing attacks compared with 2021. Phishing scams involve fraudsters creating phony emails that look nearly identical to a legitimate one. They may say something along the lines of “update your account information now” or “your information has been compromised”.

Other red flags include a generic greeting – one not specifically addressed to you – and misspelled words. Avoid clicking any links and open a new window to review accounts.

Phone Spoofing

Have you been receiving phone calls from numbers that look familiar or places you do business with? Chances are you’re a victim of phone spoofing.

A good rule to follow is if you don’t know who it is, don’t pick up the phone. In most cases, robocallers and con artists call from multiple numbers to see if your phone number is an active line, opening you up to more phony calls in the future. If you think you’re missing out on a phone call, know that the caller will leave a message if it’s important. If you do answer, avoid responding to questions, especially yes or no questions. Your voice may be recorded and used down the road to access personal information. It’s also important to not giveaway any personal information – if they called you, they should know who they’re speaking with.

If you think someone important may be calling you, like a doctor, financial institution, or government office, hang up the phone and look up the known phone number for the office. Call them using the phone number you researched to verify the call.

To help reduce the amount of scam calls you receive and screen for fraudulent callers, register your phone number on the National Do Not Call Registry.

Vishing

Phishing in the form of a phone call is vishing. Fraudsters will use scare tactics and manipulation to lure you into divulging personal information. For example, it might look like your financial institution’s collections department is calling you, even showing up on Caller ID. You’re told that you have an old debt that needs to be paid off immediately. They may even say things like “You should know what you owe” and ask you to verify information like your Social Security number, passwords, or tell you to transfer money to a specific account. Other callers may have some information they need to share with you and then ask you these personal questions.

It’s important to call the institution directly before discussing sensitive information with anyone to avoid being a victim. Stay calm, don’t give in to harassment or pressure, and use your best judgement. If it really is your financial institution, they won’t have a problem with you hanging up and calling the correct number to verify it’s really them.

Phony Websites

Clicking a link is dangerous when it reroutes you to a fake website. Websites may be designed to infect your computer with spyware which allows hackers access to personal information you enter.

Use caution and try to visit only websites you know. Also, look to see if the web address begins with HTTPS; this indicates a website is encrypted and more secure than those that begin with HTTP.

Wi-Fi Networks

Using a public Wi-Fi connection makes you vulnerable to attacks. Hackers have the ability to intercept any information you’re transmitting over the web.

Refrain from accessing financial accounts and social media accounts as they include a ton of sensitive information. If used, use only for things like video streaming or internet browsing to be safe.

Tab Nabbing

We have likely all experienced a session time out in which we are kicked out of a site for being inactive for a long period. When this happens, we’re asked to re-enter our credentials. What most of us don’t know is that hackers have the ability to recreate a site while we are away.

If you return to a page and enter information on a site that is compromised or phony, your information will be at risk. If you’re asked to log in again, open a new page instead as a precaution.

Summary

If you believe you are a victim, report it immediately to your financial institution. Visit identitytheft.gov to learn about the different steps you should take.