Don’t let the name fool you, phishing scams have nothing to do with a rod, reel and hook — or do they? If you think about it, the term “phishing” is the perfect way to describe a fraudster casting a bunch of emails out hoping a few people will take the bait and give up enough personal information that the “phisherman” can steal their identity, drain their bank accounts or both.
So what qualifies as a phishing scam? Many things but the tried and true method is sending out unsolicited emails to unsuspecting people under the guise of being a legitimate email from a company or financial institution. They’ll ask for sensitive personal data like Social Security numbers, date of birth and any other information that might be their key to unlocking a victim’s financial accounts.
These troublemakers have become good at mirroring bank or credit card company’s emails and websites, but there are red flags you can watch out for, including:
- Request for personal information: A financial institution or most any other company will not ask for sensitive information via email or over the phone. Purdue University says messages asking for login details, Social Security numbers and other personal information are scams.
- How it’s written: These emails are typically filled with grammatical errors, missing words or typos. Emails from legitimate organizations are well-written.
- Odd-looking URLs: Verify a link by hovering your cursor over the embedded link to see if it uses encryption. You want to make sure you are being directed to the correct website and not one that has been spoofed.
- Who it’s addressing: Generic salutations like “Greetings account user” are sure signs of a phishing scam. An actual company will include the recipient’s name in their communications. Watch out for general signatures, like “The Finance Group.”
- False sense of urgency: Preying on your fears of something happening to your bank accounts, or having your credit cards compromised are a scammer’s biggest calling card. They’ll ask for personal information quickly in hopes your fears will cloud your better judgment.
Now that you can identify some of the red flags of a phishing scam, what are the next steps you need to take if you get a suspicious email? You’ll want to forward those emails to firstname.lastname@example.org and the company, bank or organization being impersonated. If possible, be sure to include the full email header. The Anti-Phishing Working Group, who’s members include ISPs, security vendors, financial institutions and law enforcement agencies, collects reports on phishing scams in hopes to stop them. If you’d like to help, you can report your phishing email to email@example.com.
If you fall victim to a scam, what should you do? File a report with the Federal Trade Commission at ftc.gov/complaint and then visit their Identify Theft website. Because phishing victims can become victims of identity theft, you’ll want to use their step-by-step recovery plan designed to help stop and reverse some of the damage these thieves can do.
NAB is dedicated to helping you protect your most vital information, and that’s why we hope you’ve found this information helpful. If you have questions about a merchant services account with NAB, visit the programs features page to learn more.