Have you ever received an email for winning the Nigerian lottery or a call from credit card services offering to lower your interest rate? Did you respond with personal information? If you answered yes to one of these questions, you may have been targeted by a phishing scam. Read on to learn what a phishing scam is, how to spot one and what to do if you find yourself a victim.
What Exactly is Phishing?
Phishing is a practice that scammers use to trick people into giving up sensitive personal information – such as bank account numbers, credit card information and passwords. It’s usually carried out by email, phone call or text message.
How Can You Spot a Phishing Scam?
Not all phishing scams follow the same format – so it can be difficult to keep track of them. The good news is, a lot of these scams have common themes or issues that can help you determine that they’re not real. By watching out for the following five signs, you can protect yourself from many scams.
- Someone is offering help you didn’t know you needed
Large, high-profile companies don’t make a practice of calling to help you with computer issues you didn’t know you had. If you did not ask a person or company for help, you should immediately disregard the call and move on.
- You have won something but first need to pay a small fee
This is one of the most common phishing scams. If you are required to pay to get your reward, it’s a good bet that you didn’t win anything. If you have won something that is taxable, the taxes will either be taken out of the winnings or you will be provided forms for filing with your taxes.
- You are being threatened
If someone threatens to release information about you unless you pay them in Bitcoin, it’s a scam. You can also write it off as a scam if someone threatens to have you arrested unless you pay your “taxes” with gift cards. The IRS will never call you to demand immediate payment or contact you about taxes owed if they haven’t sent you a bill first. Likewise, they won’t threaten to have law enforcement arrest you for not paying.
- You are asked to verify your username/password or credit/banking information via email
Never reply to an email asking you to provide personal information such as your username or password, credit card number or banking information. It’s also dangerous to click any link contained in these emails. If asked to verify the information, go to the website directly – not through a link contained in the email. Your bank and other legitimate institutions provide secure ways to verify your account information on their websites.
- Something seems “off” about the communication
Does the logo in the email look strange? Are there misspelled words or incomplete phrases? Does the email address it came from have nothing to do with the company? These are all signs that the email is not from a legitimate source. When in doubt, contact the real institution using the information on its official website (not the number or link provided in the suspicious email).
By far, this is the most important thing to remember: If you are ever unsure, take some time to think about it before giving up any information.
You’ve Been Successfully Phished. Now What?
If you believe you are a victim of a phishing scam, the first thing you’ll want to do is identify what happened and what was compromised. Did you provide information, complete an action, or both? What you did or provided will determine what needs to be done next. Below are some actions you should take, based on the situation.
You provided the username or password for an account.
If you provided an attacker with your username or password, immediately head to the website associated with that account. Then log in and change the password.
You provided credit or banking information.
If you shared credit card or banking information with an attacker, contact the financial institution right away and explain what happened. They can assist with cancelling cards, assigning new account numbers and disputing charges.
You provided personal information such as your name, address, Social Security number or driver’s license number.
If you provided an attacker with this type of information, you will want to keep a close eye on your credit report for unauthorized activity. You can also freeze your credit information with the three major credit reporting agencies. This will prevent anyone from accessing your credit without your permission.
You were tricked into wiring or mailing the attacker money.
If you wired or mailed money to an attacker, you may never get this money back. If this happens, contact your local police department. Many police forces now have cybercrime divisions that can help investigate these types of scams.
A Little Knowledge (and Caution) Can Go a Long Way
Technology has made life easier in so many ways – but sadly, it has also made it easier for criminals to trick hardworking people out of their money. Knowing how to spot, prevent and recover from a phishing incident can help protect your personal information, your assets and your peace of mind.