How Phishing Scammers Work
Phishing scammers use different ways to contact potential victims and may pose as legitimate businesses or governmental agencies. Some are even taking advantage of natural disasters or other upheavals to target people when they’re vulnerable. Learn how to spot the scams.
Ways to Identify a Phishing Scam
Phishing scams use people’s familiarity with certain organizations and play on their emotions. Many of these messages create a sense of urgency (“Your account will be deleted/You’ll lose all your photos”). And, sometimes in emails, instead of a regular sender name, they’ll use something to hook your attention (e.g., “Loans For People With Bad Credit”). Don’t fall for their traps. Keep telling yourself that legitimate businesses won’t ask for personal or sensitive information or confirmation of this information via email. Real companies won’t send emails or text messages with links to update your payment method.
Phishing scammers are getting more and more creative. To make their story more convincing, they sometimes will copy the look and feel of emails of the business or organization they’re impersonating. They’ve been known to use their actual logos and create email addresses that seem to be connected to them. They also may create web pages or sign-in pages that look just like the organization’s—so they can steal your email address and password. Plus, they troll social media accounts to gather information so they can tailor their attacks. Here are some examples:
- Job Opportunity: They’ll review an employment-related social network account and message a user about a potential job with the user’s exact job title.
- Spoofing Geolocation: A user will receive a communication supposedly from their social media platform with a link to confirm a recent login from their hometown. Scammers also may spoof a phone number with an area code that matches yours, so you’ll think you’re getting a local call.
These scammers are also using more sophisticated methods. Some have mimicked loved ones’ voices to create verbal requests for money or assistance for a situation that sounds like an emergency. They’re also starting to use artificial intelligence (AI) chatbots to generate their messages. That means there are fewer misspellings, grammar mistakes and other clues that used to make fake messages easy to spot. The new breed of communications is more conversational and natural sounding—like they come from a native speaker.
But there are some red flags to look for—especially if you receive an email or other communication you’re not expecting:
- generic greetings like “Hello Customer”
- suspicious links
- first-time senders
- an unexpected invoice
- offers for free stuff or refunds (even from the government)
- notice of a service expiring or account on hold due to billing problems
What You Can Do to Protect Yourself Against Phishing Scams
The primary tools in these scammers’ toolkits are creating a sense of urgency or fear, or tugging at your heartstrings. Try to put aside these concerns and work to find out if the communication is real before you respond. Be suspicious of anyone who tries to pressure you into acting now. Be wary of emails, messages or phone calls that request your confidential information like:
- your Social Security Number
- account numbers
- usernames & passwords
- any other personally identifiable information
Suspicious or Unfamiliar Emails
If an email looks suspicious or is from an unknown source, don’t provide any information, open any attachments or click on any links, even if the email threatens to close or suspend your account or states your account has been compromised. Opening attachments or clicking links could download spyware to your computer or mobile device. Instead, before responding or disclosing any information, research and contact the organizations using trusted contact information. Use an alternative method like calling the phone number listed on the official website. If the communication purports to come, for example, from your insurance or bank, call the number listed on your card.
What to Do If You Suspect You’re a Victim
If an email looks suspicious or is from an unknown source, don’t provide information, open attachments or click any links. If you suspect you’ve fallen victim to a phishing scam, follow these steps immediately:
- Ensure that your computer’s firewall, anti-virus and spyware detection software are current.
- Run a virus scan on your computer and clean up any viruses or trojans that are detected.
- Change your online banking password and username from an uninfected computer.
- Change your mobile password or enable touch ID.