Phishing Scams – Don’t Get Hooked!

Published on May 9, 2024 | Webster Bank

Have you ever received an email with a similar message like these? “We suspect an unauthorized transaction on your account. To ensure your account is not compromised, please log in to your online banking profile below to review your account activity.”

While your first instinct might be to panic and quickly follow the instructions to protect your account and your funds, STOP. The email you received, or others like it, are most likely examples of a popular scam called “phishing,” – and it involves Internet fraudsters and identity thieves who send fraudulent emails, spam, or pop-up messages to trick unsuspecting victims into providing their personal information like your Social Security number, bank account information, credit card numbers, passwords, or other sensitive information.

According to Verizon’s 2023 Data Breach Report, phishing scams account for nearly 36% of all data breaches in the United States—accounting for more than 5 million events—and were the second costliest source of compromised credentials.

Phishing emails are a form of impostor fraud in which the senders mimic the email addresses and communications formats of various legitimate retailers, banks, organizations, or government agencies. The message may ask you to “update,” “verify,” or “confirm” your account and personal information. The recipients of some scam emails are requested to click on an included hyperlink, which directs them to a fake website. The goal of any phishing email is to trick you into divulging your personal information so the perpetrators can steal your identity and use it to commit fraud.

What makes these types of scams dangerously effective is that they rely on social engineering to quickly gain your trust and engage in seemingly straightforward tasks that, under the surface, compromise the security of your accounts and can ultimately lead to the theft of your money or identity.

Moreover, new developments in artificial intelligence and large language models have led to incredibly sophisticated phishing attacks capable of learning and exploiting user behavior at a scale never seen. According to security firm Persona, some fraudsters are even using generative AI to harvest information about their targets using social media profiles and other digital fingerprints to create uncanny impostor accounts capable of sending emails that are virtually indistinguishable from legitimate communications – learning and optimizing over time and scaling fraud attempts to unprecedented levels.

How to Avoid Becoming a Victim of a Phishing Scam:

1. Never Supply Any Personal or Financial Information from an Email

Legitimate companies don’t ask for this information via email. If you are concerned about your accounts, contact the sender of the email using a telephone number you know is legitimate. Do not attempt to contact the sender using a phone number in the suspicious email.

2. Do Not Click on Links in Emails

Only click on links or open attachments from an email if you know the sender and are expecting the email.

3. Do Not Reply to Phishing Emails

Don’t reply to the email or attempt to contact the senders in any way.

4. Do Not Supply Any Information on the Bogus Website

If you did click on a link in the suspected email, don’t ever give any information on the bogus website it brought you to.

5. Delete the Email from Your Computer ASAP!

6. Protect Your Computer

Ensure your computer is protected with spam filters, anti-virus and anti-spyware software, and a firewall, and keep them up to date. Some phishing emails contain software that can harm your computer or track your activities on the Internet without your knowledge. Some malicious software, a.k.a. malware, has the specific purpose of obtaining the login credentials to your online financial accounts.

7. Review Credit Card and Bank Account Statements

Review all your credit card and bank account statements as soon as you receive them to check for unauthorized transactions.

8. File a Complaint with the FTC if You Believe You’ve Been Scammed

If you think you’ve been scammed, file a complaint and visit the Federal Trade Commission’s (FTC) Identity Theft website for more steps to take to protect yourself. Victims of phishing can become victims of identity theft. Protect yourself, your accounts, and your devices from these attacks, and educate your children and parents on what to look for and how to avoid becoming their next victim.