Every year, during the holidays and beyond, we are alerted to phishing scams, done by people who want to steal personal information or money. This year, due to the pandemic, more people are shopping online. That can make you more vulnerable to fraud. Learn about common online scams and how to protect yourself from phishing and other fraud. But first, what is phishing anyway?
What is Phishing?
Phishing is a cyber-crime, in which a criminal poses as a legitimate business you may use. They ask you to provide personal information – using email or text messages that look close to the real thing. They lure you into providing secure information, like credit card numbers, Personal Identification Numbers, Social Security information, passwords or log-ins, bank account numbers and more. Once they have it, they cause havoc and often great financial distress. Below are some common phishing schemes we are seeing this year.
Fake Websites and Fraudulent Apps
In this phishing scheme, a person receives a text message or email directing them to enter personal information or payment information into a website. It looks very similar to the legitimate site, but it is fake. When the person enters the information into the fake website, the “crooks” have that information to keep. Depending on what is supplied, it may help them steal your identity or money.
TIP: Skip the provided link. Instead, visit the real website by doing a search online for the web address or type in the URL (address) if you know it.
Shipping Notifications Phishing Scam
In this scam, the hacker sends an email that may contain a link to a page. They want you to click on the link, which will send you to a web page that is fraudulent. The goal is to get you to sign into the page that will impersonate a well-known page such as PayPal, Amazon, or Apple. It may also contain an attachment that says that it is a receipt. The receipt will contain malware that can capture your keystrokes, contain ransomware or even download data you have stored on your computer.
Charity Fraud Scams
This phishing scheme is designed to play on people’s willingness to donate to a charity. Charity donations generally increase around the holidays. We have seen an increase in these types of scams, especially when it comes to COVID-19 related charities.
Stop! Here’s How to Spot a Phishing Scam
- The sender’s email is a little bit off. It may contain an extra letter or have a misspelling.
- There is misspelling or bad grammar in the subject or in the body of the email or text.
- They do not address you by name. They may use something generic like Mr., Ms., or even dear customer.
- There is a sense of urgency in the message. They say immediate action is needed. For example you need to click on the link to fill out missing information or your order will not arrive.
- The email or text message wants to give you something for free, such as a refund or other freebies.
Ways to Avoid Phishing Scams:
- Do not open attachments from a suspicious email or if it is from someone you do not know.
- Legitimate e-commerce sites will provide you shipping details in the body of the email. So, if they require you to click on a link or open an attachment to see the details it may be a scam.
- To avoid a charity scam, you can check to see if it is legitimate. Legal charities are registered in several public databases which you can find in an Internet search.
- Do not click on links within an email. If you believe that it could be from the actual site, you can go to the site and log in to it. It is very easy to hide a different website within a link in an email or document. For instance, if you believe you have received an email from Amazon to enter some information for an order, just go to www.amazon.com and log in there. Do not click links you are not 100% sure about. Another trick: if you hover your mouse pointer over the link without clicking on it, it will display the destination address after a few seconds. For instance, you get an email from PayPal. When you hover over the link, if it does not show you xxxxx.paypal.com/xxxx/xxxxxx, it is most likely a fraudulent website.
For more information about phishing scams and how to avoid them, what to do if you have been scammed and to report a possible new fraud scam, go to the Federal Trade Commission’s website at: https://www.consumer.ftc.gov/features/scam-alerts. It offers a wealth of information, including common phishing and fraud scams currently being discovered.
You can also add Treasury Management tools to your account if you are a business which will alert you to unauthorized or fraudulent activity in time to stop it.
Sources: https://www.vadesecure.com/en/top-phishing-trends/, https://www.cnet.com/how-to/black-friday-scams-you-need-to-avoid-today/, https://www.techrepublic.com/article/4-phishing-scams-to-watch-out-for-during-the-holidays/