Learn how to spot a “phishing” scheme before you are a victim.

P. T. Barnum once said, “There is a Sucker born every minute.”  It’s easy to believe him because he was one of the best purveyors of entertainment in history – a genius of sales and marketing – with a whole lot of shenanigans thrown in for good measure. No doubt he would have plenty to say about modern “phishing” schemes to gain access to your personal information and financial assets.

Your Surviving Spouse Liaison is writing today to discuss how to keep your identity and assets safe. Even I have been fooled a few times by what appeared to be a legitimate business. Fortunately, I had my radar up and caught the scam before any damage could be inflicted. In this article I hope to provide some tools to help you as well!

What is “Phishing”?

Phishing is the fraudulent practice of sending emails, texts, or automated calls purporting to be from a reputable company or entity in order to steal personal information. Scammers are after your password, login, credit card numbers and bank account information. They use an authentic looking – but bogus – email, text or logo to obtain information or direct individuals to a fake website or call center to trick you into sharing sensitive information about yourself.

What are some of the most common Examples of Phishing scams?

• Tech Support phishing email.
• Tax refund or that you owe taxes by email or phone call.
• Suspicious activity notice.
• Bogus payment confirmation email.
• Incorrect billing or invoice notice.
• Account suspension email or phone call.

Data released by Proofpoint in 2022 revealed that 80% of respondents experienced an email phishing attack in 2021, a 46% increase from 2020. Hackers use this Social Engineering Tactics to target victims of all ages. In fact, data shows that almost 20% of recipients click on malicious links in phishing emails and answered bogus phone calls.

How to spot a fraudulent attempt to gain your personal information. Here are some examples.

By far, scammers like to use scare tactics, a false sense of urgency, or hard deadlines to trick you into paying for unnecessary technical support or resolve fake problems for your devices, personal accounts and software.

As an example, fraudsters might pose as Microsoft Support Personel, which was the most spoofed brand in 2021. To convince you that there is an issue, your device glitches are presented in technical terms. (Scammers also regularly impersonate tech support brands such as Best Buy Geek Squad).

How tech support scams work:

• In most cases, scammers ask you for money to fix nonexistent problems on your device or software. If you allow them to remotely access your computer to “fix" these alleged issues, they can install malware or ransomware.
• They’ll also ask you to pay a one-time fee or subscribe to a support service.

How to spot them:

• All communications with big companies like Microsoft start with you. Legitimate companies do not contact you via email about device issues. 
• Be vigilant about requests for remote access to your computer. 
• Check the sender’s address to see if it’s from a fake domain (for example, it’s not from microsoft.com). 
• Do not comply with requests for your financial information. As an example, credit card information to bill you for fake services.

Another common example is impersonating the IRS. You may, for instance, receive a fake IRS email asking you to send money to resolve an outstanding balance or request a copy of your W2 because you have a refund due.

The IRS ALWAYS contacts individuals by mail. They will not call you or request personal information in an email or over the phone.

How IRS scams work:

• You will receive a message from scammers. Using a phishing link, they lead you to a fake IRS site. 
• When you enter personal information on the site, such as your Social Security Number or bank account number, it goes straight to the scammer. 
• Installing malware on your computer is another type of fraud. You'll be asked to open an attachment; and when you do so, malicious software is downloaded to your computer. 

How to spot them:

• See where the email came from. Fraudsters can use fake IRS names. Hover over their name with your mouse or cursor to see their real email address. It is a hack if it's not from a “.gov” address. 

These are just a few ways Scammers will try to obtain your personal information. Phishing attacks come in all different shapes and sizes. But luckily, there are still some clear warning signs that you’re dealing with a scam email or call.

In Review, be Aert!

Follow these tips to help protect yourself from the dangers of phishing:

• Learn the warning signs of a phishing attack. Scammers will try to create a sense of urgency in emails and calls to get you to act quickly. They want you to click on malicious links (for example, claiming you owe money or need to “verify” personal information) or give information over the phone. Always slow down and check for signs it’s a scam — such as a generic greeting, typos and weird grammar, suspicious links or requests for sensitive information.
• Always double check the sender’s email address. Scammers use lookalike or spoofed email addresses to fool you into thinking you’re dealing with someone you’re not. Check their email to make sure it comes from an official domain. If you can’t see the sender’s email, double-click or hover over their name to reveal it. If in doubt on a call, hang up and contact your institution directly.
• Regularly check your credit report and bank statements. Scammers are almost always after your financial accounts. Check for the warning signs of identity theft — such as strange charges on your bank statement or accounts you don’t recognize.In addition, an identity theft protection service can monitor your credit and account statements for you and alert you to any signs of fraud. 
• Be suspicious of all links. Never click on links in emails from people you don’t know personally (they could lead to fake websites that steal your personal information or infect your device with malware). You can hover over a link to see where it’s sending you. If you’re at all in doubt, visit the site directly (rather than through the link in the email). This includes documents that are unexpected.

There are over three billion phishing emails sent per day. Chances are, if you haven’t seen one yet, you will eventually. And, while no one can prevent every identity theft or guarantee all transactions - awareness and education is your best defense.

If you have any questions or require additional information please contact me. It would be my pleasure to direct you to appropriate resources.