5 Steps to Avoid Phishing Scams
You’ve seen the emails. At first glance, they appear to be from trusted sources like your credit union, your credit card company, or your mortgage lender. The logos look right. The links seem correct. However, as you read the message, you see requests to verify personal data or financial information. That’s when the red flag should go up. The sender is phishing.
Phishing is an identity theft tactic that uses fake emails or websites to trick consumers into revealing personal financial information. By posing as an official organization, retailer, or government agency, cybercriminals exploit the natural desire for security and lure users into entering their personal data on fake web pages.
According to a 2018 report by Wombat Security, financial attacks now account for more than 50% of phishing incidents. If cybercriminals can obtain your social security number, bank account information, and other private data, your identity and your hard-earned money are at risk.
To avoid becoming a phishing victim, take these precautions:
Never click on hyperlinks in emails. While a hyperlink may look valid, the email creator ultimately controls where you are directed once you click the link. If you want to check out a website referenced in the email, manually typing it into a separate browser tab is a sound way to verify its authenticity.
Keep an eye out for bad grammar. Cybercriminals go to great lengths to fool victims, but many times they seem to skip basic steps like spellcheck. If you receive an email that contains obvious spelling errors or grammatical mistakes, proceed with caution. Reputable companies pay close attention to details, and their consumer-facing emails are no exception.
Do not enter personal information in pop-up windows. Most trustworthy websites embed essential login fields in the page itself, so there is rarely a good reason to enter your personal details in a pop-up window. In fact, if you haven’t activated your browser’s pop-up blocker already, there’s no time like the present. You can always adjust your block settings to identify trusted sources as needed.
Look for HTTPS. It’s a small detail, but when you look at the web address in your browser window, there’s a critical difference between “HTTP” and “HTTPS.” The “S” indicates that a site is secure. Before you enter any personal or financial details, double check that the web address begins with “HTTPS.” If it only shows “HTTP,” any information you enter could be at risk.
Contact the company directly. If you’ve taken every precaution, but you’re still unsure whether the email or website is safe, it’s best to contact the credit union, creditor, or organization directly. If the communication is valid, they will be able to confirm its authenticity. If it is bogus, they can file a report and advise you how to proceed safely.