In 2019, over 100,000 people fell victim to phishing crimes, according to a report on internet crimes published by the FBI. That year, the amount of money lost by victims surpassed $57 million dollars.
Phishing is a real crime that can happen to anyone.
In this article, we’ll help you understand what phishing is and how to recognize a true phishing attempt.
We’ll also shed insight on what type of information criminals are trying to steal from you, give you recommendations on how to protect yourself, and tell you what to do if you think you’ve become the victim of a phishing crime.
What is Phishing?
In their 2019 Report on Internet Crime, the FBI defines phishing as “unsolicited email, text messages, and telephone calls purportedly from a legitimate company requesting personal, financial, and/or login credentials.”
Phishing criminals attempt to make emails, text, and phone calls look or sound like they are from reputable companies that you will recognize. For example, they might attempt to make you believe you’re receiving legitimate communication from your bank, the social security administration, the IRS, your utility company, your credit card company, your mortgage company, or even your local city government.
The purpose of all phishing attempts is to get sensitive information that can be used to steal your identity, gain access to your accounts, or trick you into giving them money.
What Are Criminals Looking For?
Criminals engaging in phishing behavior are trying to convince you to provide them with private or sensitive information that can give them access to your money or your identity.
Examples of private or sensitive information include:
- Your full name
- Your social security number
- Your bank account information
- Passwords to your financial accounts
- Passwords to your email accounts
- Your password recovery hints and answers
- Account numbers or usernames
- Your WIFI name and password
- Your computer login information
Phishing criminals may also attempt to use you to get personal information about your spouse, your children, or your parents.
Phishing Attempt Examples and Warning Signs
You might not believe you’d ever be someone who would willingly provide personal information to criminals, but phishing attempts are not always easy to recognize right away. Criminals are increasingly good at making their attempts look, sound, and feel like they are coming from credible organizations and companies you’ve grown to trust.
There are three primary types of phishing attempts you may encounter at some point in your life:
Phishing Attempt Type #1: Emails
Phishing emails are designed to look and sound like they are coming from an organization you know and trust. For example, you might receive an email from your bank that looks almost identical to the emails you’re used to receiving, but with small subtle differences. The logo might load incorrectly, there might be a misspelled word or two, or the greeting might include an odd version of your name.
Phishing emails usually create some sort of urgency for the recipient—they attempt to drive you to perform some sort of action that needs to be taken care of immediately. They might ask you to reset your password because your account has been compromised. Or they might urge you to log in to pay an unexpected outstanding balance on your account. Or it could be as simple as asking you to confirm personal information about yourself to retain access to your account. Sometimes criminals send a phishing email that looks like it comes directly from your boss.
Phishing emails prey on people’s natural trust for organizations and people they are familiar with—their bank, their utility company, their 401K account, their employer, even a family member.
Warning Signs to Watch for: Outdated logos, shortened URLs, incorrect names, misspelled words, fake email addresses, inconsistent font size or color, aggressive tone, a request for personal information through an unsecured channel.
Phishing Attempt Type #2: SMS Text
Phishing text messages are also designed to sound and look like they come from an organization you know and trust.
They might include an urgent message to reset a password on a compromised account, or they might alert you to an unpaid balance or an outstanding tax bill.
The main goal of an SMS phishing attempt is to convince you to click on a link and install malicious software on your computer or device.
Once this malware is installed, criminals can gain access to your device and information in order to obtain the personal information they need to commit a crime.
Warning Signs to Watch for: Shortened URLs, unfamiliar phone numbers, misspellings, aggressive tone, excessive exclamation points, requests for sensitive information to be sent back over text, such as your social security number.
Phishing Attempt Type #3: Phone Calls
Criminals who make phishing phone calls spin stories to try to get recipients to provide them with the information they need to commit a crime.
They may call pretending to be from your bank, from the IRS, or some other financial organization you’re familiar with.
They usually call asking you to respond urgently to a request—they need to confirm your identity, they need your full social security number, they need you to pay an outstanding invoice, or they need you to confirm information to keep your account secure.
They may act aggressively when speaking to you, threatening you with a lawsuit or potential jail time if you do not respond to their request.
They will attempt to leave a voicemail message if you don’t answer, urging you to call them back immediately.
Phishing phone calls usually play off of people’s fear and confusion.
Warning Signs to Watch for: Refusing to share the name of company, aggressive tone, asking for personal information like your full social security number, threatening conversation, can’t or refuses to answer your questions.
Ways to Protect Yourself From Phishing Attacks
Becoming a victim of a phishing attack can be an incredibly stressful experience. To protect yourself from criminals attempting to obtain your personal information, identity, or money, keep the following tips in mind:
Tip #1: Watch for Common Warning Signs
Review the warning signs throughout this article and consider them when you receive an email, text, or phone call from someone that seems suspicious.
Tip #2: Never Click on Questionable Emails, Links, or Attachments
If an email looks suspicious when it arrives in your inbox, delete it without opening it. If an email seems legitimate but uses shortened URLs or URLs that are unreadable or unfamiliar to you, do not click on them. If an email has an attachment to a file type you don’t recognize, do not download it.
Tip #3: Never Provide Sensitive Information Over Email, Phone, or Text
Don’t provide your full social security number, bank account information, or passwords to someone you don’t know or whose identity you can’t confirm. Legitimate organizations will have security layers in place to protect this information when they ask you to provide it to them.
Tip #4: Keep Devices Secure & Up-to-Date
Keep your computers and smartphones up to date by always installing and updating to the latest operating system when prompted. These updates usually include important security updates that address vulnerabilities that have been found recently. You should also consider installing antivirus software on your computer as another layer of added protection and security.
Tip #5: Trust Your Gut
Above all, trust your gut. If something seems off or not quite right, it’s probably a good sign that someone is trying to take advantage of you or gain access to your information.
Steps to Take if You Become a Victim of a Phishing Attack
If you know or believe you may have responded to a phishing attack, take the following steps:
Step 1: Change your passwords to any accounts you think may have been compromised immediately.
Step 2: Alert the organization where you believe your account has been compromised.
Step 3: Submit a report to IdentityTheft.gov if you believe your identity has been stolen.
Step 4: Report the phishing attempt to the FTC at ReportFraud.ftc.gov.
Step 5: Close or freeze accounts to reduce the risk of financial impact.
Phishing attempts are prevalent, but by becoming more aware of the warning signs and ways to protect yourself, you’ll have a much easier time keeping your personal information safe and out of the hands of criminals.