- Personal Finance»
- Understanding Finance
Phishing Trip: Avoid the Scammer's Net
Who is catching whom?
I was recently targeted by a phishing scam.
That doesn't make me "special" in any way, because these types of scams, seeking tidbits of information, are sent out by the millions.
It caught my attention because it looked very familiar. I DO have an account with that particular company, and I do get occasional emails from them. So do thousands of other people.
Phishing is a deceptive scheme, usually conducted through emails, to steal personal data, like card or account numbers, passwords, or other information. An identity thief only needs a few info-bits to score a bundle of cash and mess up your life.
What does a Phishing Scam Look Like?
When I woke up that Saturday morning, one of my emails seemed to be from a large American bank where I had an account. The graphics were all perfect and familiar, but it had a few suspicious qualities.
1. It was addressed to an email address that I don't use anymore.
The old address still works, and it is very similar to the new one, but my internet provider changed its email address a couple of years ago.
2. It was sent an an early hour in the Pacific Time Zone which would have been before 6 am on the East Coast of the USA on a Saturday.
It is possible that a large corporation might use automated systems, that could kick in at any time, but it seemed an odd hour to be sending. (The time in the subject line was actually marked 8 hours later, in bold type, but the time stamp indicated otherwise.)
3. It addressed me by my email name rather than my real name. (Sometimes these things may come with a greeting that says: "Dear Customer" or "To Our Valued Customer".) It should have had my real name.
4. It said this:
"We would like to inform you that we have released a new version of (name of bank) Customer Form. This form is required to be completed by all (name of bank) customers.
Please follow these steps: 1. Open the form at (I have not revealed the url link that was posted) 2. Follow given instructions."
5. There were a couple of very minor wording peculiarities. American speakers would usually say "the" customer form and probably would not even use the phrase "customer form". Also, saying "follow given instructions" seems a little stilted and misplaced.
6. The url link (that I was supposed to click, and didn't) looked a little unusual because it was very long.
I will say that none of these things seemed blatently obvious at first, but I knew something was not quite right. I also knew better than to click on a link from someone I didn't know. The scammers challenge is to convince someone that the message IS from a known person or entity.
Banks do NOT do this!
Financial institutions do not email you asking for personal or account information especially through email links.
They might ask you to go to your online account where you have to enter your user name and password and perhaps identify a key and answer a question before you can access information, receive special updates or make any changes.
I notified the bank customer service and they responded quickly-- asking me to forward the mail to their abuse department (which I did) so they could track down the perpetrators.
They came back and said it was, indeed, a phishing scam, and since I had not followed the link or responded to it. I was OK.
This bank sends me occasional alerts, for situations which I have previously approved and selected. I have authorized them to notify me when certain unusual activity has been noted, and when a card payment is due.
If you get a possible scam message purportedly from a bank or company you know, DO NOT FOLLOW ANY LINKS from the email. Contact the firm by going to your account on their site.
As in my case, they will probably want the suspect message forwarded so they can pursue the perps. They will track down the phishers as quickly and efficiently as possible.
If it is a legitimate message, don't worry. They would always rather see people being cautious and careful.
Time to be Alert
Be alert to these kinds of activities. Whenever banks, brokerage firms and large companies are merging or failing, scammers have a perfect opportunity to convince the unaware, that their personal account information needs to be "verified", "updated" or "changed".
You will hear about businesses being sold, going into bankruptcy, or being on the verge of collapse. You may hear from scammers that you MUST contact them IMMEDIATELY to avoid DISASTER.
Don't fall for it. Always check these kinds of messages by going to your own pasword-protected account and ask them to verify any request.
They can get info WITHOUT your click!!
Email scammer are getting more sophisticated every day. The little glitches I noticed, may not appear in the next phishing message you get. Some smooth operator is going to get one of these almost right, and it might be the next one to come your way.
Remember that email is not a secure form of communication.
- Don't share passwords, account numbers or other sensitive information by email.
- Don't be drawn into "surveys" that sound benign. They can be looking for personal details about you.
- Don't respond to links posted in a message that asks for "updates" or tries to panic you into taking "immediate action". They will even threaten to close your account in an attempt to steal from you.
- If you DO get caught in a phisherman's net, notify company authorities immediately.
Be safe, be sure of where your information is going, even if the request looks trustworthy. Remember this can also happen by pop-up messages or even cell phone messages.
View the video above to see ways they can get to you even without your reply.