One of the most common ways cybercriminals gain access to consumer online banking accounts is through phishing. Phishing is a type of social engineering aimed at tricking people into giving up sensitive information such as social security numbers, passwords, and online banking credentials. Mistaking a phony email or text message for a real bank communication could put you at risk of having your finances compromised.
The good news is that there are several things you can do to proactively spot a phishing attempt. By always being vigilant and on guard for these types of scams, you can minimize your chances of falling victim to them.
Here are some common characteristics of phishing emails and text messages to look out for:
1. They contain requests for sensitive information. Legitimate companies do not ask for your password or social security number out of the blue. If you forget your password, they may ask for a username or email to verify your account, but if you are not attempting to log in and you receive a request for your account information, it is likely a red flag. The same goes for a text or email asking you to reply with any kind of personal information.
2. They have misspellings or formatting issues. Inspect an unknown text or email for misspellings or grammatical errors. Even a slightly low-quality image or unprofessional formatting could be a reason to verify the sender. Scammers often use a business name or URL that is very close to the real thing, thinking victims will not notice. For example, a fake URL might be “wal-mart.com” versus the real “walmart.com”.
3. They contain links or attachments. If you receive an unsolicited email or text message, do not click on any of the links in the message without verifying them. If you are on a computer, hover over the linked text to see what the URL is. The same goes for attachments or downloads from an email sender you do not recognize. You could unknowingly download a virus or malware with just one click. If you’re ever asked to click a link to log into your financial account online, your best bet is to do it through your bank’s verified website, not through a text message or email.
4. They ask you to call a number. If a message asks you to call a phone number, do not call it before verifying that it’s legitimate. Visit your bank’s website to locate their real phone number. You can call their direct customer service line and explain the communication you received. They can help to determine whether the message was legitimate.
5. They contain urgent demands. Cybercrooks try to scare people into giving up information by creating a sense of urgency. For example, a message might read “your account will be locked in one hour” with a malicious link to click. The flip side of this is a “too good to be true” tactic where you receive a message stating you won money or a free vacation but must claim the prize within a certain timeframe. The safest way to verify a request, no matter how urgent it may seem, is to call the company’s publicly-listed phone number.
If you receive a text message or email that you believe is a scam, you should report it immediately. Many email and phone providers have an easy way to flag and report a phishing attempt. If you receive suspicious messages purporting to be from your bank, you should also alert them as soon as possible. Your bank can help determine if the communication is legitimate, and if it’s not they can help alert other unsuspecting customers as well.
We unfortunately live in a time where cybercrimes are more rampant than ever before, but with a little vigilance you can help keep your personal and financial information safe. If you do find yourself a victim of a phishing email or text message, you should report the crime to the Federal Trade Commission (FTC) by filing a fraud report. These reports help the FTC stay on top of recent scams so they can investigate them and warn the public.
For the latest information on financially motivated scams, visit BankFive’s Security Alerts & Tips page.