We depend on email every day. We use email to contact our coworkers, connect with friends and family, and communicate with businesses we trust. Unfortunately, online scammers know this, and they’ve developed increasingly sophisticated schemes to trick us via email into providing sensitive information – then using this information to steal money or commit identity theft. One of their most common ploys is known as a phishing email.
October is National Cybersecurity Awareness Month, and it’s a good time to learn how this common scam works.
When you know what phishing emails look like, you’ll be more likely to avoid failing for one – and can prevent the stress and financial harm that these scams cause.
Phishing scammers send a fake email to unsuspecting recipients to trick them into providing sensitive information such as Social Security numbers, online account passwords, or banking or credit card information. Stolen information like this can be used to drain your account, open lines of credit in your name, take control of your online accounts, or commit other financial crimes.
Phishing attacks may seem to come from a friend or family member in trouble, claim to be from a government agency like the IRS or CDC, or promise you a great reward like a free product or cash prize. Some phishing emails make threats; others appear completely routine. In many cases, they ask you to click a link in an email that directs you to a fraudulent website with a form to enter personal information.
Phishing emails often rely on a sneaky practice called spoofing, which is an attempt to disguise an email, website, or other form of communication to look like it belongs to a business or organization you trust, such as your financial institution, a utility company, a social networking site, or an online store. Here are some common phishing examples:
Some phishing emails look convincing, with logos and design that are a dead ringer for genuine emails from the organization they’re impersonating. But there may be some telltale signs that it’s a phishing email, including:
Always be wary of unexpected requests for information. If in doubt, don’t reply or click any links, and delete the message. If you’re not sure if an email is legit, you can always contact the company or agency directly (via the phone number published on their website) to verify the message. Better safe than sorry.
If you suspect you’ve accidentally provided information to a scammer, don’t panic. There are steps you can take to protect your finances and your credit.
If you believe your banking or credit card information has been stolen, reach out to your credit union, bank, or credit card company right away. It may be a good idea to put a freeze on your credit or debit cards.
Update your online passwords immediately. Also, consider setting up two-factor authentication for your accounts, which provides an extra layer of protection.
Report the phishing scheme to the company that was impersonated. This can help them take steps to protect others from the same scam. You can also file a report with the FBI’s Internet Crime Complaint Center.
Some phishing emails attempt to install malware to steal your information directly from your computer. Use anti-virus software to scan your computer for malicious files, and always make sure your security software (and your device’s operating system) are up to date.
Keep an eye on your accounts and your credit. Review your credit card and banking statements and consider setting up account alerts to help you spot suspicious activity. You may also want to notify the three major credit reporting agencies or review a copy of your credit report for possible fraudulent activity in your credit file.