How to Recognize and Avoid Phishing Scams

If you have a phone or an email account then you are by no means a stranger to scams and phishing attempts. In fact, many of us take them as parts of daily life. While some of these are obvious and – quite frankly – sloppy, there are others that have evolved their game to produce some pretty believable documents and calls to action. We’re all spending a lot of time on the internet these days. That makes that this a prime time for phishing emails, texts and phone calls coming out of the woodwork. Did you know that an estimated $30,000,000 is lost in a year to phishing scams? Many phishing scams are also designed for identity theft, leaving you vulnerable to long-term effects. So what can you do to keep yourself protected from these attacks? Here are the steps to recognizing and avoiding phishing scams.

It used to be quite easy to spot a phishing scam from just looking at it. It probably involved a prince from some exotic land wanting to wire you money, or vice-versa. But scammers have adapted their tactics with the changing times and have made it very difficult to tell a real email from a fake one. These days, you might be getting – what looks like – a completely legitimate email from your bank or other familiar company asking you to reset your password or claiming to have found suspicious activity on your account. Most phishing attempts carry a call to action that’s meant to extract your personal information. In some cases, these messages can seem completely legitimate, which is why it’s important to check for the following signs as giveaways.

1. You do not have an account with the company contacting you: If you’ve never had an American Express account, chances are an email from them telling you of a suspicious activity is a phishing scam.
2. The message uses a generic greeting such as “Hi there,” or “Hello Dear.”
3. The message claims there was a problem with your payment information.
4. The message claims there was a suspicious activity on your account or a login attempt.
5. A message that asks you to reset or confirm you password.
6. Any message that asks you to verify your personal information.
7. A message with a fake invoice: these can be very realistic so read on to see how to tell for sure when it’s a fake one.
8. A congratulatory message that claims you’ve just won a prize.
9. A message that asks you to click on a link to make a payment.
10. A message that claims you can register for a government refund.

It’s important to remember that, while these types of messages seem easy to spot, they can sometimes be very convincing and look exactly like communications coming from a legitimate company that you may know and trust. Sometimes, they even come from an email address or a phone number of someone you know and trust. So how can you distinguish between the real thing and a phishing scam? Besides looking out for the tale-tale signs listed above, here are ways to protect yourself from phishing attempts:

• If you aren’t sure, or you suspect the validity of any email or text message, look up the company or person’s phone number outside of that provided in the email or text to make sure you are contacting the real business or person. The surest way to confirm whether you’ve received a phishing scam is by confirming it with the
• Keep your computer protected and up do date on security software: The best way to do this is by setting your security software to update automatically so that you never have to worry about missing a manual update.
• Keep you phone protected by automatic security updates: If you have a smartphone, the same rule generally applies.
• Use a multi-step authentication on your secure accounts. Many modern security measures let you use a multi-factor authentication to confirm your identity and protect you from scammers’ attempts to hack your account. Use something that cannot be duplicated, such as a physical fingerprint or a phone number that only you can access.
• To protect the data you have on your computer, be sure to do a back up to an external, secure hard drive or cloud storage.

Furthermore, let’s cover what not to do if you’ve received a phishing email message or text:

• Do not click on any links or follow a call to action included in the message.
• Do not open any attachments associated with the message as these may contain harmful malware.
• Do not call the number provided within the email or reply to the message directly to check on its validity.

Even if you’ve taken precautions, you may still slip up and click on the phishing bait included in the message. If that’s the case, don’t panic. There are still some precautions you can take to minimize damage and restore your security.

• If you have clicked on any links or downloaded anything from a scam email it’s important to make sure your security software is updated, then sun a scan of your device to remove any malware.
• If your personal information, such as your Social Security, credit card, or bank account number have been made available to a scammer, you should go to gov, and find the specific steps to take based on the information that’s been compromised.

Many of us are tempted to automatically delete an email or block a phone number if we suspect it to be a scam, but did you know you can report these incidents to help fight against phishing scammers? For example, if you’ve received a phishing email, you can forward it to an Anti-Phishing Working Group at the following email address: reportphishing@apwg.org. If the phishing attempt came through on a text message, you can also forward that to SPAM (7726). Once you have forwarded the communication to the appropriate agency, you can also report the phishing attack to the Federal Trade Commission at ftc.gov/complaint.