We’ve all been there: You accidentally click on a link, download an attachment, or click the “OK” button on a pop-up window. Suddenly, things aren’t quite right. You notice that the computer begins to slow and more pop-ups appear. Or, you read pleas to enter your credit card information to fix what presumably went wrong. Worst of all, your credit card automatically gets charged.
Congratulations, you’ve been the victim of a phishing scam.
What is phishing?
Phishing is a fraudulent attempt to obtain sensitive information by disguising as a trusted company. It is most commonly carried out through emails, instant messages, or pop-up windows and appear to be from trusted sources, such as a bank, e-commerce site, payment processor, or IT administrator, requesting that the user send a password or payment information. Sometimes links are provided, which, when clicked, lead the user to a site which distributes malware.
Once this information is provided, the fraudster can gain access to the user’s account or personal computer, and further harm can occur.
How can I avoid phishing scams?
Recognition is the key to avoiding phishing scams. Here are some suggestions:
Be suspicious of any emails, text messages, social media posts, pop-ups, or ads with urgent requests for personal information.
Phishers know that emotions drive (usually bad) decisions, so if the language doesn’t seem quite right, then it probably isn’t. Additionally, be on the lookout for peculiar fonts, colors, email IDs, or anything that doesn’t match what you’ve previously received from a known sender.
Avoid clicking on strange links.
Fraudsters will often present a seemingly recognizable link, for example, to a bank or to well-known sites like eBay, PayPal, or Amazon. However, if you hover over the URL with your mouse, you will notice in the lower left-hand corner that the link directs to another link that is completely different. This is more difficult with mobile apps, as there is no way to hover over links, but if a link appears strange, do not tap on it.
Do not send personal financial information or PII (personally identifiable information) through email.
You should only communicate information such as credit card numbers or account information through a secure website or by a telephone call to customer care. Using a bank’s dedicated mobile app is a way to avoid phishing scams involving bank accounts.
How can I prevent phishing?
While removing yourself altogether from the internet is likely not a viable option, there are a few tactics users can take:
Change your passwords regularly.
This is perhaps one of the oldest, tried-and-true defenses against fraudsters. Not only should you change your passwords frequently, but you should keep them varied (i.e., do not use the same password for all of your bank, email, and social media accounts) and difficult to replicate. For help in managing multiple passwords, consider a password management app.
Log out of email and social media accounts when not in use.
This is perhaps very inconvenient, as social media companies want you logged in and posting, liking, and commenting. Some might think of social media sites and apps as having the strongest of security, but even sites like Facebook have found themselves vulnerable to security breaches.
Stay informed of the latest and greatest phishing scams.
Wait, shouldn’t I just use antivirus software?
Sure, it couldn’t hurt. However, beware of antivirus software that offers a ”free download.” The antivirus software industry has come under fire for acting like a phishing scam itself by playing on people’s vulnerabilities, and then forcing them to hand over their credit card number to upgrade to a “premium version” to clean up your PC (or else). Beware of such antivirus software, also known as “hostageware.”
For a list of antivirus software providers, consult PCMag, Consumer Reports, or another reputable publication. (Beware: some review sites aren’t really review sites, but rather thinly disguised promotions for one particular software product.)
You can also do your part as a concerned citizen and report any phishing scams. Below are some websites where you can file complaints:
- The Anti-Phishing Working Group
- Federal Trade Commission’s Complaint Assistant
- The Federal Bureau of Investigation’s Internet Crime Complaint Center
- International Consumer Protection and Enforcement Network
While the number and creativity of scams continue to increase, consumers can benefit by becoming more vigilant. By maintaining a more discerning eye and making a few changes to everyday behaviors, users can find a safer, more worry-free online experience.
The information mentioned in this article is for informational purposes only, is intended to provide general guidance and does not constitute legal or tax advice. Each person’s situation is unique and may materially differ from the information provided herein. You should seek the advice of a financial professional, tax consultant and/or legal counsel to address your specific needs before any financial or other commitments regarding the issues related to your situation are made. Popular Bank does not make any representations or warranties as to the content contained herein and disclaims any and all liability resulting from any use of or reliance on such content.