By Mike Faden | American Express Credit Intel Freelance Contributor
8 Min Read | October 28, 2020 in Money
Phishing is a very common type of cybercrime that aims to trick people into revealing personal information, which is often then used for financial gain.
Most phishing attacks occur via email, but scammers can also use text and voice messages – aka “smishing” and “vishing.”
Basic precautions can help you to spot many phishing scams and take steps to avoid them.
Have you ever received emails like these?
If you’re tempted to click, think again. These may be phishing emails: phony messages from criminals seeking to trick you into revealing information that they can use for a variety of purposes, such as draining your financial accounts or stealing your identity. In 2019, people reported more phishing attacks than any other type of cybercrime, according to the FBI, which received nearly 115,000 phishing complaints.1 Since phishing email scams are on the rise, it’s important to learn to recognize and avoid them.
Phishing is a crime in which someone poses as a legitimate institution in order to trick you into revealing sensitive information, such as:
Importantly, a phishing crime can only happen if you participate – no matter how unwittingly. The criminal has to convince you to click on malware or to type your personal information into a form. To increase their chances of success, criminals often try to impersonate well-known organizations that you may trust, such as:
One common way that phishing emails try to get your information is by asking you to click on a hyperlink in the message. If you click on the link, you may be taken to a website that looks like an official login page, asking you to enter identifying information such as your username and password, or perhaps your full name and Social Security number. Type in the data, press return, and voilà! The scammers now have what they want.
Most phishing attempts occur via email. But criminals sometimes also use phone calls, which is called vishing, or text messages, which is called smishing after “SMS” (short message service), the original acronym for texts.
If criminals succeed in stealing someone’s information using a phishing attack, they may use it in a variety of ways, depending on the information they’ve stolen.
Why do phishing attacks still work, even though people have known about them for decades? It’s largely because criminals constantly come up with new ways to evade email filters and convince people to click. Because of that, there’s no single characteristic that you can use as a sure way to identify a phishing email. But there are common telltale signs:
It’s worth being extra careful if someone you don’t know offers you a gift card in any context. Gift card scams are always present and usually increase during the holidays. These are some popular gift card scams:
While some phishing attempts are easy to spot, others can be much more sophisticated and harder to distinguish from genuine emails.
For example, in so-called “spear phishing” attacks, criminals carefully target specific people whom they think will have access to sensitive data, such as company executives or employees who handle electronic payments. The scammers spend time researching their targets’ personal lives, using sources such as social media. Armed with that personal information, they can craft phishing emails that are much more convincing – for example, with details about a person’s recent vacation destination or their kids’ sports activities.
It’s also become much easier for attackers to include corporate logos and website content that look exactly like the real thing because they can buy “phishing kits” that include almost everything they need to imitate widely used and trusted brands.
Some attacks use voice or text messages instead of email:
If suspicious emails arrive in your inbox, here are some ways to help avoid falling for a phishing scam: