Recognizing Phishing Scams, and how to avoid them

This morning I checked my email and came across yet another phishing scam email. I know how to spot them, and have never fallen victim to one. However, I realized that not everyone knows how to recognize them, or perhaps even knows the severity of what can happen if you fall victim to one.

A phishing scam is what it sounds like: fishing for information. It usually comes in the form of an email, but it can arrive in any form: text message, Facebook, Twitter, even regular mail. Phishers basically send out mass messages and mailings to every address they can find, hoping someone will take the “bait”.

Why Scammers Use Phishing Scams

Why would somebody do this? Well, you can gather a lot of juicy information with a phishing scam. First, you can get somebody’s account number and password. Then you can try to hijack their assets. Some phishing scams ask for all of your personal information (SSN, mother’s maiden name, date of birth, etc.) so that the scammers can steal your identity and open credit accounts in your name. Some victims of phishing scams have given up their credit card numbers only to find that the card was used fraudulently.

Why People Fall for Phishing Scams

People tend to fall for these scams because they don’t know any better. If you take a few minutes to examine an email, you can quickly determine whether it’s legitimate or a scam.

The email will look exactly like a legitimate email from the company it imitates (in this case, let’s use a bank). It will most likely be in HTML format and use all the company logos and trademarks. However, slight clues can start to show.

For example, I treat greetings such as “Dear Customer”, “Dear Client Card Holder” or “Dear Account Holder” as red flags right away. My bank knows my name and will contact me by name, not with some generic message. Usually, once I see this, I say to myself DELETE and forget it; however, we’ll go on to look at some other interesting points to note.

Also watch for claims like these:

  • The customer’s account details need to be updated due to a software or security upgrade.
  • The customer’s account may be terminated if account details are not provided within a specified time frame.
  • Suspect or fraudulent activity involving the user’s account has been detected and the user must therefore provide information urgently.
  • Routine or random security procedures require that the user verify his or her account by providing the requested information.

These are usually much greater signs of phishing scams. Your bank is going to call you and ask for you directly to fix any security issues. FYI, I’m cautious of phone calls as well: I always tell the caller I will call back at a number I know is legitimate, from the back of my bank card, the bank’s official website, or my bank statements. If they tell you that this is not OK, treat the call as suspicious. Remember, caller IDs can be faked.

Sorry I am getting off track, but that’s also an important thing to remember.

When you’re looking at a potential phishing email, you can tell a lot from the links. If you hover over a link, it may say http://royalbank.com/cgi/kjsd…… or whatever the URL may be, but once you click on it (or better yet, right-click, copy the link location and paste it somewhere), you will see that the end says something greatly different and will redirect you to the scammer’s website. Once you are there, if you did not notice the address bar change (or the invalid URL with the scammer’s URL at the end), you may be sitting at a website that looks EXACTLY like your bank’s website, asking you to log in. Links may go to legit websites, but the login form is usually fake; it will record your login name or client card number and your password. Guess what: that scammer just got access to your bank account, that easily.

Here is a photo of the scam email I received this morning. Note that there are a few key identifiers before I even open the email.

[Image: phishing scam email sample]

These are a couple of tips to remember when reading emails you THINK are from your bank or credit card company. Don’t forget that people phish for PayPal logins and many other kinds of information too.

Finally, if you’re questioning it even a little, call your bank. They will be able to tell you right away whether your account is in jeopardy or whether the email was real.

Most of the time, an email asking for personal information like this will be fake.

I also like to send a copy of the email to my bank’s SPAM department; usually you can simply forward it to SPAM@<yourbankswebsite>.com and they will investigate it. I’ve sent out emails before, decided to check into it a little later, and found the sites were down, so maybe they have more powers and resources to fight these scammers than we have.

Advice for Victims of Phishing Scams

If you have been snagged by phishing scams in the past, you need to be vigilant. First, let your financial institution know what happened. They will likely want to pursue the scammer, and they will monitor your account more closely. Next, I always suggest that victims of phishing scams put a fraud alert on their credit report by contacting one of the major credit agencies. Finally, you’ll need to keep a close eye on your mail and your accounts. If statements stop showing up or if you see unusual activity, call your bank immediately.

If you know any tips to avoid phishing scams, post them in the comments below.