I’ve received several emails that appeared to be from Bank of America but poor grammar and spelling coupled with urgency to provide personal information set off warning bells for me and with a little research, I quickly realized these were fraudulent phishing emails. Phishing is an attempt to steal money or identity by acquiring personal information such as user names, passwords, bank account or credit card details while posing as a trustworthy entity in an electronic communication such as an email or pop-up message. In the past, we could count on being alerted to these fraudulent emails by poor spelling or grammatical errors but as these cyber criminals have gotten more sophisticated, it has become critical to observe safe internet practices rather then to expect to easily identify a phishing email.
How to identify a phishing email or scam:
- Web addresses resemble the names of well-known companies but are slightly altered. Graphics in email appear to be connected to legitimate websites.
- The communication will often include an urgent call to action. Watch out for threats that an account will be closed or something bad will happen if you don’t respond to the email message. See some examples below:
- We suspect an unauthorized transaction on your account. To ensure that your account is not compromised, please click the link below and confirm your identity.
- Your security has been compromised. Click here for more information.
- During our regular verification of accounts, we couldn’t verify your information. Please click here to update and verify your information.
- Our records indicate that your account was overcharged. You must call us within 7 days to receive your refund.
- The communication will often contain grammar and spelling errors.
- The communication will include links you need to click on to rectify a situation.
- If you rest your mouse on the link (but do not click), you can see if the address matches the link in the message. Mismatched links are worthy of suspicion.
- Links that lead you to .exe files are known to spread malicious software.
How to Avoid becoming a phishing victim:
- Do Not click on links in emails or pop-up messages that ask for personal information or that take you to your financial institutions login page or to a page where you need to enter financial information, user names or passwords.
- Do not use any contact information referred to in the communication. This includes email addresses and telephone numbers.
- Do not give out any personal information on unsolicited phone calls or to anyone answering the telephone of a number found on your email communication.
- Do not cut and paste any links from the message into your Internet browser. Links may look like they go to one place, but you can end up at a different site.
- Do not email personal or financial information as email is not a secure method of transmitting personal information.
- Do type in the URL or web address yourself or set up your own links to take you to your regular sites. I set up all of my links by using AOL Favorites or Bookmarks on Google Chrome.
- Do take the time to locate genuine contact information (email addresses and telephone numbers) from your bank statements or other legitimate source if you wish to contact the organization with questions about a communication.
- Do look for indicators that the site is secureif you need to provide your personal or financial information through an organization’s website. Examples:
- A lock icon on the browser’s status bar (although these can also be forged so exercise caution)
- URL for a website that begins “https:” (the “s” stands for “secure”)
- Do use a firewall and anti-virus and anti-spyware software and update them all regularly. Some phishing emails contain software that can harm your computer or track your activities on the Internet without your knowledge.
- Do use antivirus software that updates automatically and recognizes current viruses as well as older ones.
- Do use a firewall to block communications from unauthorized sources and to make you invisible on the internet.
- Do review bank and credit card statements promptly and regularly to check for unauthorized charges.
- Do check your credit reports periodically as new accounts opened by identity thieves are likely to show up on these. Go to www.annualcreditreport.com for details on ordering a free annual credit report and to catch potential incidents early.
- Do be careful about opening attachments or downloading files from emails regardless of who sent them to you. These files can contain software or viruses that can compromise your computer’s security.
- Do report phishing communication to the organization, bank or company that was impersonated in the email. Most organizations have information on their websites for reporting problems.
What to do if you think you’ve been compromised or scammed:
- File a complaint at http://ftc.gov/ftc/contact.shtm
- Visit the Federal Trade Commission’s Identity Theft website at www.consumer.gov/idtheft
- Go to www.annualcreditreport.com to order a free annual credit report from any of the three major credit bureaus. You may catch an incident early as new accounts opened by identity thieves are likely to show up on your credit report.