Even tech savvy people like you can fall prey to real-looking fake emails. Emails supposedly from big banks (Chase, Wachovia, Bank of America, others), e-commerce sites like buy.com, domain registrars, PayPal and even the IRS lure people in. The logos and fonts look just like the real thing, and so do the “spoofed” (fake) websites they link to.
The bad guys are “phishing” for your personal identification, of course. They want account numbers, passwords, PINs … anything they can get to clean out your accounts. Real financial institutions never send emails asking for this information. Neither does the IRS.
New scams can sometimes get around filters until IT pros can identify and block them. How can you spot them in the meantime? Here are seven red flags:
1) They ask you to confirm, update or validate account information.
2) They claim an account or credit card has been deactivated, blocked or experienced an unauthorized transaction.
3) The linked website doesn’t start with https (the “s” at the end indicates a secure site).
4) They use a generic greeting instead of your name.
5) They are supposedly “urgent.”
6) There’s an “@” sign in the url.
7) When you hover your cursor over a link, it looks different or suspicious.
Watch out for fake text messages, called SMShing, and phone phishing, too. For example, you may get a text that says this: Call us at 866-361-XXXX to find out why your debit/ATM card was blocked. The number goes to an automated system or even a live person who tries to talk you out of information. Don’t reply to the text and don’t call the number!