Have you ever received an email or phone call from a company you know and trust that just didn’t look or sound right? “Phishing” is an attempt by fraudulent individuals to trick you into giving away personal or financial information by posing as a reputable bank or other financial institution. Through these tactics, they can potentially get a hold of your credit card numbers, ATM PIN, social security number, home address, and more. But how do they do this?
Some attacks will attempt to closely copy a company’s email address when contacting you. If you’re not reading closely or carefully, it’s very easy to miss that the email isn’t coming from an official company address. In one of these emails might be an urgent message that you owe money on your account. If you were to click a link in one of these emails, you would be taken to a website set up to look like one of the company’s official pages. Submitting any form of payment on these pages would then send money straight to the fraudsters.
Other attacks occur over the phone. During these attacks, a company’s main phone number will be used in a way that makes it look like that company is calling you – when in reality it’s someone else entirely. Phone attacks can be harder to identify, but you can be sure that if you dial the company’s phone number yourself, you will reach the actual company. This type of phishing is only possible when it comes to incoming calls.
A few well-known phishing attack examples
Bank of America
Bank of America went through a period where fraudsters were sending messages from email accounts that closely resembled official Bank of America branding. Their goal was to get people to click a link where they would enter their online banking usernames and passwords – giving cybercriminals access to all of their personal and financial information.
Some of PayPal’s customers were sent emails about a number of suspicious login attempts. They were then told that their account had been “limited” as a result. In order to remove the “limitations,” customers would have to follow a link and fill in their name, credit card information, and social security number.
During the bustle of the holiday shopping season, fraudsters were able to slip in some fake Amazon emails claiming that “Your Amazon.com order cannot be shipped.” The email then told customers that their order would not be shipped until they verified their information via a link that they provided.
Financial institutions are usually the targets of these attacks since they deal with such sensitive information. That’s why it’s important to arm yourself with basic knowledge about phishing and how to guard against it.
Protect yourself against phishing by following these best practices: