How to Recognize a Phishing Scam and Protect Your Finances

John McKendrick of West Palm Beach, Florida, acted promptly when he received a billing notification that supposedly came from cybersecurity company Norton. He called to inquire since he didn’t believe he had Norton installed on his computer. The representative he reached convinced McKendrick, 80, to provide remote access to his computer and then executed an extensive scam in which McKendrick lost $92,000.

This story is a classic tale of financial phishing, a common online scam in which a criminal sends phony communications that appear to be from legitimate sources to obtain sensitive information or compel the recipient to send money.

As online banking and transactions become more common, the threat of phishing does too. Phishing attacks jumped nearly 50% between 2021 and 2022 and again between 2022 and 2023. Knowing how to recognize this type of security scam is vital for protecting your information and finances.

What is a Phishing Scam?

A phishing scam is characterized by a scammer posing as a representative of a trustworthy institution to trick you into providing sensitive information such as usernames or passwords, sending money or clicking a link through which malware can be installed on your device.

How to Recognize Phishing Emails

Phishing emails typically look legitimate but contain signs that they aren’t. Common red flags include generic greetings, poor grammar and odd formatting, urgent language, unfamiliar links or attachments and misspelled URLs.

In one typical example, an email that purports to come from a bank requests immediate action, like placing a phone call or clicking a link to prevent account suspension. The person who picks up the phone or the website connected to the link will likely ask you to “verify” your identity by providing personal information.

How to Recognize Phishing Phone Calls

Phishing phone calls involve scammers posing as representatives of legitimate organizations to notify you of a problem or opportunity. The caller will ask for personal information in order to resolve the issue or give you access to a benefit. Phishing phone calls can be effective due to people’s reticence to be rude when speaking to others, such as by hanging up or questioning the caller’s identity.

An example of a typical phishing phone call is someone posing as an IRS representative and claiming you owe taxes. They will solicit the number and password for your bank account on the premise that they’ll be withdrawing a specific amount of taxes owed.

How to Recognize Phishing Text Messages

Phishing text messages, also called smishing or SMS phishing, involve scammers sending phony text messages meant to trick recipients into giving up personal or sensitive information. The texts may contain an urgent request for action and a link you’re meant to click to stave off a problem. The link will take you to a page where you’ll be directed to input information that scammers can use to steal your identity or money.

An example of a standard smishing message is a notification that a package is being delivered and contains a link that supposedly tracks the delivery. The phony link will give the scammer access to install malware on your mobile device.

How to Protect Yourself from Phishing Attacks

The most important way to protect yourself against phishing attacks is to know how to recognize them. Make it a policy never to trust unsolicited communication that asks for sensitive or personal information. When in doubt, independently search out the phone number for the institution that says it is contacting you and call them to ask whether the message you’ve received is legitimate.

Here are some other ways to protect yourself from phishing attacks:

• Verify before you respond or click: Be skeptical of unsolicited emails, texts and calls, and avoid responding, clicking a link, or downloading a document before you’ve independently verified the message’s legitimacy.
• Use two-factor authentication (2FA): Two-factor authentication, which has you verify your identity in two ways when signing into your financial accounts, adds an extra layer of security to prevent scammers from gaining access.
• Install antivirus software: Some phishing scams aim to install malware or viruses on your device, so it’s essential to get antivirus software and keep it updated, especially banking software.

How to Report Phishing

There are several ways to report phishing attempts to authorities to help them protect others from similar fraud attempts.

• Forward phishing emails to the Anti-Phishing Working Group, an international coalition of institutions fighting cybercrime, at reportphishing@apwg.org.
• Forward phishing text messages to 7726 (SPAM) to help your wireless provider identify and block similar messages.
• Report the phishing attempt to the Federal Trade Commission (FTC) at ReportFraud.ftc.gov.

Other Online Scams to Be Aware Of

Phishing is hardly the only type of online scam that can threaten the safety of your information and financial security. Here are some other types of online scams to look out for:

• Ransomware attacks: In this type of scam, fraudsters take your computer hostage using ransomware, a type of malware that holds specific digital systems captive, to compel you to send money.
• Travel scams: These scams involve asking you to pay small amounts for vacation deals that never materialize, such as a “free” vacation for which you pay an admin fee or a phony vacation rental that doesn’t exist.
• Fake shopping websites: Scammers create fake retail sites, often in the style of familiar and legitimate sites, where they offer luxury goods at deep discounts as a way to steal your credit card information or install malware on your computer.
• Grandparent scams: Fraudsters call seniors pretending to be a grandchild in distress and in need of fast money to get out of a jam.
• Romance scams: A typical con job involves scammers wooing an emotionally vulnerable victim with authentic-seeming online communications, gaining that person’s sympathy and trust, and then asking for money to handle a problem like a medical condition.
• Lottery scams: You may receive a notice saying you’ve won thousands of dollars in an official-sounding lottery and can redeem the prize by sending in a fee to cover processing and shipping.
• Social media scams: These increasingly common scams involve tricking people into sending money or sharing information using a fake persona or fake promises on social media, such as selling something that doesn’t exist.
• Business scams: A range of phishing and other scams target businesses with tactics like check fraud, fake invoices, impersonation of senior executives and phony requests for funds such as tax returns from purported officials.

Be Vigilant

Staying safe online requires vigilance, which is easier to cultivate when you know what you’re looking for. That’s why it’s vital to learn the signs of phishing scams, from misspelled URLs to urgent phone calls to suspicious requests for money. Scams are constantly evolving, so it’s a good idea to stay updated on the latest frauds by regularly perusing the consumer alerts on the FTC’s Scams page.

It’s also essential to ensure that your financial data is secure online. Security measures like encryption, two-factor authentication, secure passwords and account activity monitoring can help you keep your money safe. Financial data protection apps like ID Shield, ID Watchdog and IdentityForce can also help increase your security and peace of mind.

And remember that Seacoast Bank is dedicated to keeping its customers safe and will never call, text or email you with a request to provide or verify sensitive information such as your PIN, account password or social security number. We are here to help you avoid falling victim to fraud. Read our fraud prevention page to learn more about how you can protect yourself online.