The summer months are when many Texans break out their fishing rods, dust off their tackle boxes, and head to the lake to haul in a big catch.
Not unlike summer fishermen here in Texas, there are a lot of people around the world who engage in another kind of fishing, or “phishing.” These people sometimes include the Nigerian prince who needs money to buy goats for his village, an email hacker posing as a best friend who’s just been robbed in a foreign country, the sweepstakes company notifying you that you’ve been selected for a $150,000 prize (even though you never entered the sweepstakes), or an automated phone system calling to reactivate your debit card.
These fraudulent phishing efforts prey on our natural psychological tendencies, all in an effort to obtain information. And the really good phishers know how to make their messages look and sound believable.
Phishing in today’s electronic world
Chances are you receive a number of emails each day. Some of these are work-related, some are personal communications, and others are likely coupons, ads, order confirmations, and newsletters. The best phishers are really good at creating emails that appear to come from well-known, national companies such as Amazon, Target, Wal-Mart, and FedEx. These emails will often include a few red flags, so here are the things to look out for.
Who is it actually from?
Check to make sure that the email is actually from the company. You can do this by hovering your cursor over the “from” address. Oftentimes, the actual email address is hidden behind a display name that shows only the company name, so at first glance nothing looks “phishy.”
But if you hover your cursor to reveal the full email address, you can see if the communication actually originated from the company (e.g., firstname.lastname@example.org). If you notice that the domain name (the “target.com” of an email address) doesn’t look correct or contains a bunch of other characters, there’s a chance that the communication is malicious in nature.
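The same check can be automated by a mail filter. The sketch below is an added example, not part of the original article: it compares the brand named in the display name or embedded in the domain against the domains that brand is expected to send from. The brand-to-domain list and the sample headers are constructed for illustration.

```python
import re
from email.utils import parseaddr

# Assumed allow-list (constructed): brand word -> domains it legitimately sends from.
KNOWN_BRANDS = {
    "amazon": {"amazon.com"},
    "target": {"target.com"},
    "fedex": {"fedex.com"},
}

def check_sender(from_header):
    """Classify a raw From: header value.

    'ok'          - a known brand is named and the address is on its domain
    'mismatch'    - a known brand is named but the address is on another domain
    'unknown'     - no known brand is named, so this check has nothing to say
    'unparseable' - no usable address was found
    """
    name, addr = parseaddr(from_header)
    if "@" not in addr:
        return "unparseable"
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    # Split display name and domain into words so "target" matches
    # "Target Guest Services" and "target.com.x.example" but not "retargeting".
    words = set(re.findall(r"[a-z0-9]+", (name + " " + domain).lower()))
    claimed = [brand for brand in KNOWN_BRANDS if brand in words]
    if not claimed:
        return "unknown"
    for brand in claimed:
        allowed = KNOWN_BRANDS[brand]
        # The address must be the brand's domain itself or a subdomain of it.
        if not any(domain == d or domain.endswith("." + d) for d in allowed):
            return "mismatch"
    return "ok"

# Constructed sample headers.
SAMPLES = [
    "Target <orders@target.com>",
    "news@mail.target.com",
    "Amazon Payments <billing@amazon.com.account-update.example>",
    "FedEx Delivery <tracking@parcel-notify.example>",
    "Garden Club <news@gardenclub.example>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{check_sender(header):12} {header}")
```

A result of 'ok' only means the visible address is on the expected domain. The visible address can itself be forged, so this check complements, rather than replaces, the mail server's own sender authentication.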
Check for grammar
A corporate email truly sent on behalf of a well-established company is usually read over with a fine-toothed comb. So, if you notice spelling and grammar errors throughout the email, you can suspect that the communication isn’t authentic.
Don’t take action
Phishing emails are usually designed for you to take some sort of action. For example, let’s say you’ve received a phishing email that appears to come from Amazon. This email could say something along the lines of, “We’ve had an issue processing your payment. Please update your credit card number by clicking here.” And, if you’ve placed an order recently, you may mistakenly think it’s related to your recent purchase. When you click, you could be taken to a malicious site that is designed to look like Amazon.
If you receive a questionable email that urges you to take action, first off, do not click on any links or open any attachments. I get it. Your curiosity is just dying to know what that PDF says, but unless you want to make a trip to the computer repair shop, it’s in your best interest to just say no and hit the delete button.
If you have doubts about an email’s legitimacy, contact the company directly, and don’t use the contact information included in the email. Go directly to the company’s website or log directly into your account from the company’s site.
Phone phishermen are still out there
While electronic forms of phishing tend to get the most media coverage, there are still a number of phishing attempts that take place over the phone. And in some ways, these can be the most believable, because a live call gives the phisher a chance to adapt their message according to how you respond. If you receive an unsolicited phone call from a company that is asking for information, there are a few things to remember.
If it’s from a strange area code, it’s probably from a strange person
OK, so this isn’t always true. But if you get a call from an 876 area code (Jamaica) or some other area code that you don’t easily recognize, that should immediately heighten your suspicion. Sure, there’s a small chance the call could be from your crazy aunt who just wanted to update you on how awesome her Jamaican vacation was going, but how often does that happen? If it happens often, you may want to start screening those calls.
Don’t offer information
Be careful of the information you offer over the phone. If you already do business with a company, they shouldn’t need additional information from you. If you receive an unsolicited call from a company, they should never ask for your Social Security number, full credit card number, or password/PIN. If you already do business with them, they should have that information on file.
This doesn’t apply only to sensitive personal information, though. If someone calls and says they’re calling regarding your debit card, you wouldn’t want to reply with, “Oh, my Central National Bank debit card?” You’ve just given them the name of your bank. Calls of this nature, if they are truly legitimate, will typically ask that you verify recent purchases on the card or the last four digits of the card number.
You can always hang up
If someone asks for sensitive information and you’re unsure as to the legitimacy of the call, hang up, locate the company’s number (on the back of your card or on the company website) and call back in to provide the sensitive information. This way, you definitively know that you’re speaking with an authorized representative of the company.
It’s unfortunate we live in a world where people try to take advantage of our natural tendency to trust others. Protecting your information requires diligence, and by using some of these tips, you can make sure you don’t accidentally take the bait.
About the Author:
Dawn Eades is a treasury management representative and bank officer at Central National Bank. Whether it’s working in her garden or trimming trees with a chainsaw, Dawn loves to be outside. She also enjoys spending time with her daughter. The two are actively involved in the Girl Scouts’ Central Texas chapter.