Understanding Phishing Scams

Phishing scams use deceptive tactics to trick individuals into revealing personal or financial information, and they are among the most common and costly forms of cybercrime. Scammers often impersonate trusted organizations or people and reach their targets through emails, phone calls, texts, and even social media direct messages.

While older adults may be more vulnerable, people of all ages and income levels can be affected. Understanding how phishing works is the first step in protecting yourself and your information.

Common types of phishing scams

Email (phishing)

Designed to look legitimate, these emails trick you into giving out personal or financial information, or clicking on a malicious link. They may even use a company logo and the name of a real employee.

Phone (vishing)

The caller claims to be from a bank, the IRS or another company you may interact with. They ask for personal or financial information to protect your account or help a family member or friend in trouble.

Text (smishing)

Text communications from companies has become routine and might not raise a red flag at first. A smishing text can appear to be from a person or company you know and may include a link to click, a phone number to contact, or encouragement to reply to the text with personal information.

How to spot a scam

Phishing scams can seem legitimate at first because fraudsters often pose as a person or company you know or regularly engage with, such as your bank. But these scams have three things in common:

• They ask you to provide or verify information they should already have, such as a Social Security Number, account number, password or login information.
• They reach out to you first. When you call your bank’s customer service number, they ask for personal information to verify your identity, but real, reputable organizations will never contact you to ask you for account numbers, passwords, or two-factor authentication numbers by phone, email, or text.
• They create a sense of urgency to get you to respond. They use social engineering tactics that play on the trusted relationship with your bank and the fear of losing your money to get you to respond before thinking it through.

Beware fake mobile banking apps

Yes, scammers have even been known to publish fake mobile banking apps that look like the real thing to collect your personal information. If you receive a text or email from someone claiming to be your bank, and they send you a link to download a mobile app, don’t be fooled. Only download apps from the Apple App Store or Google Play, and be wary of mobile apps advertised on third-party sites. Look for developer or author information before you download an app to verify it’s a company you know.