Taking a Closer Look at Phishing Scams

Phishing is a cybercrime in which individuals are lured into providing personal and sensitive information to access important accounts.  If successful, it can result in identity theft and financial loss.  Victims are contacted or tricked by someone posing as a legitimate institution.  They are seeking sensitive data such as personally identifiable information, banking and credit card details, and passwords.

Phishing on a website happens when a website appears to be legitimate and a visitor to that site submits personal information, thinking that they are interacting with a real business.  Personal information such as social security numbers, account numbers, login IDs, and passwords are provided by the user and the scammer is able to steal a person’s identity and / or money.

Emails, texts, and phone calls are also used to trick people in a phishing attack.  The fake emails or texts can install ransomware, or programs that can allow scammers to access a victim’s computer or network.  The goal of these phishing attacks is to trick the recipient into believing that the email, or text is something that they want or need, such as a request from the bank, or a note from someone in the company.  Then they entice the victim to click a link or download an attachment.

Phishing dates back to the 1990’s and it is still a widespread and harmful cybercrime.  Let’s take a closer look at phishing – how does it work and how do you protect yourself from it?

How Does Phishing Work?

According to the Federal Trade Commission (FTC), there are common stories used to trick people into clicking on a link, opening an attachment, or providing personal information in a phishing email, text, or phone call.

• Offering a coupon for free goods or services
• Asking you to click on a link to make a payment
• Claiming there is a problem with your account or payment information
• Saying they have noticed suspicious activity or log-in attempts on your account
• Stating you need to confirm or update personal information
• Including a fake invoice
• Claiming you are eligible to sign up for a government refund

Phishing scammers are skilled at creating a false sense of security with its victims.  They replicate trusted logos, imitate legitimate companies, and pretend to be friends or family members.  There is usually an urgency to the scam that will lead the victim to believe there will be a severe consequence such as frozen accounts or personal injury.

One common example of identity theft through a phishing crime is setting up a website that looks identical to a bank.  Then the scammer sends out emails from that bank requesting the recipients input their personal banking information to update their records.  Then the scammer will use that information to access the victim’s banking account.

Your bank would NEVER ask for personal identification information through email, text, or incoming phone calls.  Personal information such as account numbers, usernames and passcodes, SSN, pins, birthday, address, codes, and security answers should never be provided unless through a secure connection.

Phishing attacks can also gather personal and work history, interests, and activities through social networks like LinkedIn, Facebook, and Twitter.  These networking tools can be used to uncover information such as names, job titles, and email addresses.  Then this information can be used to craft a believable phishing email.

How Do You Recognize a Phishing Email?

Phishing emails are often poorly written and clearly fake. There are several clues that can indicate that a message is a phishing attempt.

• The message is written to create a sense of urgency or fear.
• The message uses subdomains, misspelled URLs or suspicious URLs.
• The message includes a request to verify personal information like financial details or a password.
• The message is poorly written and has spelling and grammatical errors.
• The message looks out of character, is unexpected or suspicious looking.

How Do You Protect Yourself From Phishing Attacks?

There are several things you can do to be able to recognize and protect yourself from a phishing attack.

• Emails, texts, or phone calls with exceptional deals that seem too good to be true, probably are. If someone is claiming that you have won a prize or lottery, they are likely trying to lure you in to get you to click on a link.  Don’t do it!
• Be cautious if anything looks out of the ordinary when you receive an email from someone you know. You can hover over the email address.  Make sure it is an exact match to the address that you would expect from that person.
• Don’t respond to emails with your personal information.
• Never open hyperlinks or attachments unless you are confident they came from a known sender.
• Look for incorrect spellings in the web address. Phishing sites often use web addresses that look very close to the actual site address.
• Always use two factor authentication, a browser with anti-phishing detection, when providing any type of personal or financial information.
• Use spam filters to protect against phishing emails. These filters can assess the origin of the message, the software used to send the message, or the appearance of the message.

Does Phishing Happen With Banks and Financial Institutions?

Banks and financial organizations use monitoring systems to prevent phishing.  However, phishing scams can happen and the more you are aware of them, the better protected you will be.

• Scammers can pose as a bank in an email or phone call. The thief claims that the victim’s security has been compromised or identity has been stolen.
• Suspicious emails about money transfers are a common technique used to get people to click on a bad link. This leaves their personal data and finances vulnerable to an attack.
• Direct deposit scams are another type of phishing scam. The victim gets a notice that their login information is not working.  They click on a link to remedy the situation, and they are really installing malware on their system.  This puts their banking information in danger and in the hands of a scammer.

What should you do if you fall for a phishing email, text, or call?

1. Contact your bank or financial institution. Speak to the fraud department and explain that someone has stolen your identity.
2. Request to close or freeze any accounts that may have been accessed in a scam.
3. Change all of your login passwords and PIN identification.
4. Report it.   Help fight scammers by reporting them. Forward suspected phishing emails to the Anti-Phishing Working Group at reportphishing@apwg.org. If you got a phishing text message, forward it to SPAM (7726). Then, report the phishing attack to the FTC at ftc.gov/complaint.

The Federal Trade Commission posts information about current scams. Visit: FTC.gov or sign up for their scam alerts at FTC scam alerts.

During times of hardship, scammers will attempt to take advantage of your situation by stealing your money, your personal information, or your identity. It is crucial, now more than ever, to be as aware and prepared as possible to prevent these scams.

At Jarrettsville Federal our products and services are designed with your best interests in mind. Our employees place the highest importance on protecting your information and preventing data loss.  Contact us immediately at 410-692-5151 or visit our website at https://www.jarrettsvillefederal.com/ if you notice any suspicious or unusual activity related to any of your Jarrettsville Federal bank accounts.