“Account Compromised” is the subject line to an email that appears to be from your financial institution. You log on to your account only to see that everything is as it should be. You review the email once more. It’s being sent from a different sender and has misspelled words. It’s not even specifically addressed to you.
This is an example of phishing, the process of attempting to trick people into divulging personal information by appearing to be a legitimate source. Avoiding scams, though, is not always as simple as ignoring an email or phone call. Fraudsters gain access to information in a number of ways.
Remember, A+FCU will never contact you over the phone or via text message asking for information such as your online banking password, debit card, or PIN information. If you think you’ve been a victim of one of these scams, please call us at 512.302.6800.
6 Common Phishing Scams to Avoid
Have you been receiving phone calls from numbers that look familiar or places you do business with? Chances are you’re a victim of phone spoofing. The Federal Communications Commission (FCC) recently issued a $120 million fine to a telemarketer for spoofed robocalls, the largest fine ever in FCC history.
A good rule to follow is if you don’t know who it is, don’t pick up the phone. In most cases, robocallers and con artists are calling you from multiple numbers to see if your phone number is an active line, opening you up for more scam phone calls in the future. If you think you are missing out on a phone call, know that the caller will leave a message if it is important. If you do answer, avoid responding to questions, especially yes or no questions. Your voice may be recorded and used down the road to access personal information. It’s also important to not giveaway any personal information; the caller should know who they’re speaking with.
If you think someone important may be calling you, like a doctor, financial institution, or government office, hang up the phone and look up the known phone number for the office. Call them using the phone number you researched to verify the call.
Register your phone number on the National Do Not Call Registry to help reduce the amount of scam calls you receive and screen for fraudulent callers.
Phishing in the form of a phone call is known as vishing. Fraudsters will use scare tactics and manipulation to lure you into divulging personal information. For example, it might look like your financial institution’s collection is calling you, even showing up on Caller ID. You’re told that you have an old debt that needs to be paid off immediately. They may even say things like “You should know what you owe” and ask you to verify information like your Social Security Number, passwords, or tell you to transfer money to a specific account. Other callers may have some information they need to share with you and then ask you these personal questions.
It’s important to call the institution directly before discussing sensitive information with anyone to avoid being a victim. Stay calm, don’t give in to harassment or pressure, and use common sense. If it really is your financial institution, they won’t have a problem with you hanging up and calling the correct number to verify it’s really them.
As illustrated in the example above, fraudsters may create phony emails that look nearly identical to a legitimate one. They may say something along the lines of “update your account information now” or “your information has been compromised”.
The IRS saw a 60% increase in email phishing schemes in 2018 and is warning consumers to look out for emails related to the holidays and 2020 tax season. Subject lines include “IRS Important Notice” or “IRS Taxpayer Notice.” If you receive an email like this, forward to email@example.com.
Other red flags include a generic greeting that is not specifically addressed to you and misspelled words. Avoid clicking any links and open a new window to review accounts.
Clicking a link is dangerous when it reroutes you to a fake website. Websites may be designed to infect your computer with spyware which allows hackers access to personal information you enter.
Use caution and try to visit only websites you know. Also, look to see if the web address begins with HTTPS; this indicates a website is secure.
Using a public Wi-Fi connection makes you vulnerable to attacks. Hackers have the ability to intercept any information you’re transmitting over the web.
Refrain from accessing financial accounts and social media accounts as they include a ton of sensitive information. If used, use only for things like video streaming or internet browsing to be safe.
We have likely all experienced a session time out in which we are kicked out of a site for being inactive for a long period. When this happens, we are asked to re-enter our credentials. What most of us don’t know is that hackers have the ability to recreate a site while we are away.
If you return to a page and enter information on a site that is compromised or phony, your information will be at risk. If you are asked to log in again, open a new page instead as a precaution.
If you believe you are a victim, report it immediately to your financial institution. Visit identitytheft.gov to learn about the different steps you should take.