What is a phishing scam?
“Stranger danger” has been a part of most people’s upbringing, but what happens when the stranger pretends to be someone you know?
In a phishing attack, a scammer pretends to be from a reputable company to get you to reveal personal information that can be used to steal your money or identity. Phishing tactics are often employed as part of email scams and website scams.
No matter the approach, the goal of a phishing scam is always the same: to get your personal information and eventually your money.
Phishing scam examples
Here are a handful of common phishing scams. The more familiar you are with these tactics, the easier it will be for you to recognize and avoid fraud.
The mobile phish
Downloading free mobile apps is as easy as pressing a button. Scammers take advantage of that convenience by creating apps developed expressly for gathering your personal information, either in the background by directly accessing your phone’s data or through text messages containing dangerous links.
Phony requests to access dangerous files in Dropbox and DocuSign accounts have increased over the years. These scams trick employees into clicking the links. Rather than click on the link, log into your file-sharing program directly, and access files through a trusted website or app.
Surveys and questionnaires
Your opinion matters — except when it’s for a phishing scam that is just after your personal information. These fake surveys may even correspond to a topic or social issue you care about. Clicking the link causes your device to become infected with malware.
Message from the boss
An email or direct message from your boss or some other executive at your place of employment tends to capture a person’s attention. But when these messages ask for sensitive information, such as company accounts, passwords, salaries, Social Security numbers or client information, it’s best to confirm that the sender is a legitimate company phone number or email address.
This scam starts with someone supposedly looking for love but actually seeking money. The scammer often posts an online ad or poses as a friend of a friend on social media, but the fraudster could contact you directly. Tragically, what starts as the promise of a loving relationship leads to ongoing requests for money or expensive gifts. The romance scam can happen online, over the phone or even in person.
How to avoid phishing scams
- Don’t share — Be skeptical of anyone who asks for more information than they need — or details that they should already know — even if you are talking to a person or company or bank you regularly do business with.
- Know whom you’re talking to — Ask one simple question before responding to a message: do I know you? If the sender’s name and email address aren’t familiar, err on the side of caution.
- Look at the words around the link — If the individual that sent the text or chat message isn’t using proper grammar, this might be a clue that a bot or scammer operating from a foreign location is on the other end.
- Make sure you’re where you think you are — Before logging in to an account, make sure the web address — the URL itself — is correct. Phishers often forge websites that look legitimate, like online storage accounts, hoping to trick you into entering your very real login credentials.
- Be wary of free offers — If a deal sounds too good to be true or you’ve won a sweepstakes you never even entered, the odds are it’s a scam — even if the email or website includes an official-looking logo or other high-quality graphics.
- Keep your virus protection updated — Virus-preventing programs exist to keep worms, trojan horses, and other malware programs at bay. However, these tools are only useful if they employ the most up-to-date protection. After all, fraudsters are always evolving their methods.
If you suspect you have been targeted by a phishing scam and have mistakenly provided your personal and/or account information to the scammer, please contact your local branch or our Customer Care Center at (800) 994-2500 (8 am-5 pm, Monday through Friday) for assistance as soon as possible.