You open your email inbox and see an email from what looks to be a legitimate source. Maybe it’s a company you have a subscription with like Netflix or whose services you regularly use like Apple. It could even be your electric company. The email says you’ve been locked out of your account because your payment is past due. To restore services, you should click through and make a payment now.
This could be alarming. The sender does say Netflix. The logo is right there in the email. On first glance, everything looks legitimate. But is it?
This could be a phishing attack. Phishing scams frequently occur in email or text messages. The sender claims to be your bank, a credit card company, an online payment website or app, or online store. It is actually a scam trying steal your data and tricking you to click a link. This can lead to the installation of malware or you sharing sensitive information such as login credentials, Social Security number, or your bank or credit card information.
Falling victim to a phishing scam can be devastating. It can include unauthorized purchases, the stealing of funds, or identify theft. You need to protect yourself.
Your email spam filters keep many phishing emails out of your inbox. But scammers regularly update their tactics, so you need to know what to look out for.
The first question if you receive one of these messages is to ask if you have an account with the company or if you know the person who has contacted you. If the answer is “No”, it could be a scam. If your answer is “Yes”, contact the company using a website of phone number you know is legitimate. Do NOT use the information in the email. Links and attachments can install malicious malware onto your device.
Next, notice if there is anything unusual in the message. It could be spelling errors, odd grammar, or even the greeting. If you have an account with the business, it probably won’t use a generic greeting like “Hi Dear”.
Attackers frequently try to alarm users by creating a sense of urgency. For example, an email could threaten account expiration. Scammers know that this can cause victims to become concerned and be less diligent and more prone to error. Think twice before you click on any link asking you to make a payment or update your payment details.
One of the newest – and, sadly, most successful – variants of the “Urgency Scam” is when fraudsters use automated calls instead of email to gain access to your accounts. The call is purportedly from your financial institution (bank, brokerage, etc) or from a company such as Netflix or Amazon. The caller (it could be a live person or a recording) will claim that your account has been potentially compromised (for example, with an unauthorized transaction) and instruct you to press 1 to continue. The scammer will then send you a text message with a supposed one-time new password. By entering this password, the phishing scammer now has gained access to your account.
Scammers will often also employ offers such as claiming you’ve won a prize or free stuff. If an offer sounds too good to be true, it probably is.
Another way is to check the sender’s email address. If it’s a bunch of random letters and numbers, it’s certainly a scam. But also be on the lookout for subtle spelling errors. For example, if the email address is firstname.lastname@example.org instead of email@example.com. Also watch for the use of email addresses completely unrelated to the company purported in the message.
More Ways To Protect Yourself
If you think a scammer has obtained your Social Security, credit card, or bank account information, visit www.identitytheft.gov and follow the steps to report the situation.
If you suspect any of your accounts has been compromised in a phishing attack, or any other scam, contact the company immediately.
Thousands of phishing attacks are launched every day. It’s up to you to remain smart and vigilant when receiving a suspicious message!