In 2021, the financial services industry surpassed cloud services as the "most impersonated" industry. This was based on the number of reported phishing attempts using fake websites, email messages, text messages and more. In fact, financial services phishing scams accounted for 35% of all phishing attempts tracked in 2021. And to make matters worse, hackers continue to become more sophisticated. For this reason, it is more important than ever to stay up-to-date on the latest phishing techniques. Here are some specific phishing methods to look out for so you don’t fall victim to one of these scams.
Emails
Chances are that your email inbox is flooded every day. In the midst of so many emails, it can be easy to overlook a phishing attempt. Here are some red flags to watch for in emails:
- Spelling and Grammar Errors. Most businesses have a spellcheck feature on their emails, and large companies likely have many eyes on an email before it’s sent. Therefore, spelling and grammatical errors in an email claiming to be from your bank should be a red flag.
- Urgency or Unusual Requests. If you receive an email from your bank claiming that your account was compromised, or demanding that you make a payment, log into your account, or confirm your identity, don’t panic and immediately respond. Remember that if there was something truly wrong with your account your bank would likely call you or send you a notice in the mail – but even then, they would not request sensitive information from you.
- Suspicious Sender. Checking the sender’s email address is a good way to verify whether the email is coming from a scammer, but keep in mind that it’s possible for criminals to “spoof” an email address. So, even if the email looks like it’s coming from your bank, you should still look out for any other red flags.
- Suspicious Links. Hover over any links in the email to verify where they are pointing to. If the links are going anywhere other than your bank’s legitimate website address, do not click on them.
If you receive an email from your bank that you’re not sure is legitimate, your best bet is to reach out to them using their publicly listed telephone number rather than replying to the email or clicking on any buttons or links. Remember that your financial institution will never send you an email asking you for passwords, account numbers, or other sensitive information.
Social Media Alerts
Social media phishing scams are rampant, and Facebook is currently the most-targeted social network. Social media phishing attempts often take the form of fake security alerts to your email address or cell phone. Common tactics include prompting you to reset your password, alerting you to a “hacking attempt”, or asking you to log into your account. With many Facebook users having a credit card on file in their account, a hacker gaining access to a social media profile can be especially worrisome. If you receive any kind of notification about your social media accounts, your best bet is to log into your account as you normally would – not via the notification. If there is an issue with your account you should be notified either while logging in, or after logging in. If you find that your account was compromised, follow the instructions on the social media platform regarding regaining access to your account, and if you had any credit card or banking information in your account, be sure to notify your bank or credit card provider immediately.
Phone Calls
Spoofed phone numbers are becoming a serious issue, and you should be aware that caller ID is not always accurate. Just because your phone says that your bank is calling, it may not really be them. When answering a phone call from someone purporting to be your bank, you should be on high alert. Remember that your bank will never call you and ask for your account number, online banking password, social security number, or other sensitive information. If anything feels “off” about the call, hang up and call your bank directly using their publicly listed phone number.
Text Messages
Scam text messages are becoming more rampant as well. Just like phishing emails, text messages from cybercrooks usually contain a sense of urgency and are aimed at panicking you into a response. They will typically mention unauthorized activity in your bank account or on your credit card, ask you to verify a purchase or flag it as fraud, or state that your account has been “locked down” due to suspicious logins. Whatever the message, look out for common red flags.
First and foremost, look at the sending number. Is it the same number that has sent you legitimate bank notifications in the past? If not, you should be on high alert – especially if the text is coming from a strange-looking sender.
The second thing you should look out for is the link included in the text. Does it look similar to your bank’s website address, but slightly off? If so, it’s probably a scam. Other signs of a fraudulent link include a shortened or scrambled URL, or one containing numbers.
Like phishing emails, phishing texts may also contain grammatical issues and spelling errors. If you have any concerns about whether a text from your bank is legitimate, log into your online banking account to view your recent activity or call your bank directly using the number listed on their legitimate website.
It's alarming to have to dodge so many phishing attempts on a daily basis but knowing what to look out for and how to identify a suspicious email, phone call, or text message is your best method of defense. Remember to always follow your gut, and be hyper-vigilant when it comes to your financial accounts. For more information on the latest scams and security tips, visit our Security Alerts page.