Posted on December 12, 2017
Sadly, this most joyful time of year can also be a popular time for online criminals to defraud hardworking consumers. And if you think there’s no way you’d ever fall for an online scam, consider this: Phishing has been around almost as long as the Internet, and there’s a reason the technique continues to be successful!
Here’s what you need to know to detect a phishing scam before it’s too late.
What is a “phishing scam” anyway?
Have you ever received an email claiming there was fraudulent activity on your credit card account, and asking you to "click here" to verify your account information? That’s a phishing scam!
Phishing is what happens when a cyber-criminal uses an online forum like a website to steal sensitive information, including your bank, credit card, and/or social security numbers. Usually, the perpetrator poses as a trustworthy entity like a financial institution or a university; other times, he or she pretends to be a person in need of some help.
Use context clues.
Cyber-criminals start by sending out an email. If you receive an email addressed “Dear Sir,” “Dear Ma’am,” or “Dear Customer,” that should be a red flag that something funny is going on. Keep an eye out for overly dramatic language, too. No legit organization is going to send you an email reading, “Failure to provide such-and-such information will immediately result in your arrest.”
Be a plain Jane.
Most email service providers display messages in HTML mode by default. But the safest practice is to read your email as plain text, which will help you detect any suspicious URLs behind clickable images and links. Check with your email service provider for instructions on how to switch to plain text mode.
Click with caution.
Reading emails in plain text mode won’t work for all phishing scams because some e-criminals use redirect scripts to redirect consumers from legitimate websites to their phony sites. Always use caution when clicking on hyperlinks sent by email. Or, better yet, visit websites the old-fashioned way, by manually typing URLs into a browser's address bar.
Don’t trust the telephone.
Some cyber-criminals trick their victims by initiating contact with a phone call, which might seem more legitimate than an email. If a “client” calls asking you to book a dozen appoints for an upcoming wedding, and she wants to you wire her money that’ll be reimbursed later — well, you’ve got good reason to be skeptical! A real client won’t ask you to wire money for services. Other scam artists have pretended to be hearing impaired, asking stylists for help booking transportation to a salon, promising they’ll pay them back when they get there. Here’s a good rule of thumb: If a request sounds bogus, then it probably is.
Avoid funny-looking websites.
Before you even think about divulging any personal or financial information online, take a good look at the website you’re visiting. If a website’s poorly designed, that might be a big hint that you’re not working with a valid organization. Before submitting sensitive information, always make sure the website’s URL starts with “https.” The “s” stands for security, and you can also check a website’s security certificate if you want to play it extra safe.
Don’t share personal or financial information through email.
Reputable organizations aren’t going to ask you to send passwords, personal information, or financial information via email. So be wary if you get an email asking you to reply with, say, your checking account number or the user ID and passcode used for logging into your credit card account online.
Never-ever-ever provide your full social security number online.
Repeat after us: Legitimate businesses won’t ask for your full social security number over the Internet — period. It’s that simple!
It really does pay to use plastic.
Consider using a credit card instead of a debit card when shopping online. Most credit cards come with amped up fraud protection, and many credit companies will also help you get your money back if you become a victim of fraud. Just make sure to report any suspicious activity right away.
Always use protection.
Pardon the euphemism, but it’s a good idea to install a free anti-phishing toolbar on your browser. This toolbar will run quick security checks while you’re browsing the web, and it’ll inform you anytime you end up on a website that’s bogus. You can also purchase special antivirus software if you don’t already have it.
Don’t talk to strangers.
Your mother’s age-old rule still rings true today. Some cyber-criminals use social media to obtain personal information on their victims. Don’t accept friend requests from people you don’t know, and don’t feel bad about “un-friending” somebody if you accidentally accepted a request from a stranger.
New phishing techniques are constantly being created, and it’s a good idea to make an effort to stay current on common, popular, and ongoing scams.