Don't Get Hooked
“Phishing” scams are becoming more and more common. Here’s how to stay uncaught.
Posted February 1, 2012
Have you ever received an email, text message or automated phone call from what appears to be your bank or other financial institution warning you that there is a problem with your account? Perhaps you’ve received one informing you that your account has been locked due to too many unsuccessful attempts to access the account, or some other reason that requires you to “verify” or “confirm” your information and/or identity in order to fix the problem? If this sounds familiar, you just might have been scammed due to a process known as “phishing,” which rhymes with “wishing,” as in “I’m wishing this phishing problem never happened.”
Phishing is defined as the act of sending an email or other notification to an individual falsely claiming to be an established, legitimate enterprise in an attempt to scam the individual into surrendering private information that could be used for identity theft. Here is how the scam may work.
You receive a message containing a link to a “spoofed” website that has all the appearances of being that of your bank or other financial institution or company, but in fact is a bogus one set up to look legitimate. The website requires you to enter confidential information such as your bank account number, ATM PIN, credit card number or social security number. Once you’ve done that, the floodgates have opened and it’s open season on your financial well-being.
“Vishing”, or voice phishing, is a twist on the phishing scam. Instead of asking you to click on a link to a bogus website, the vishing email, text message or phone call will ask you to call a financial institution or a bank to verify your information and/or identity. When you call the number provided, you will be connected to an automated response system or a person pretending to work for the financial institution. You will then be asked to provide personal and confidential information such as your social security number, credit card number or your card’s three-digit security code. As with the phishing scam, once you have provided this information, the scammer can use it to drain your bank account, open other accounts in your name, steal your identity or sell your information to other identity theft criminals.
Here are some tips for identifying a scam:
- You receive an email, text message or automated phone call urgently asking you to verify or confirm information such as your social security number or your bank account number. A legitimate financial institution, the IRS, or Social Security Administration will never call or email you asking to verify or provide this information.
- An email, text message or automated phone call urgently tells you that if you do not verify account information, your account will be frozen.
- An email from your financial institution or from an online vendor includes a link to a website that asks for personal information such as account number, social security number, etc.
How to avoid being scammed:
- If you are still worried about your account being frozen or suspended do not respond to the message or call the number they provide. Call your bank or institution directly.
- Do not enter your bank account number, credit card number, social security number or other personal information into a website to which you were linked through an email.
- Check the legitimacy of website links sent to you in an email by checking for the security padlock on the bottom of the screen or a web address beginning with https.
Unfortunately, scammers will always be out there in one form or another. By being knowledgeable about their methods, you’ll stand a much better chance at thwarting them and keeping your financial well-being intact.
Ed Slott and Company has been called "The Best" source for IRA advice by The Wall Street Journal, and "America's IRA Experts" by Mutual Funds Magazine. Ed is a widely recognized professional speaker and author. Get more IRA information from America's IRA Experts.