Effective Sept. 21, 2018, security freezes and fraud alerts will change under a new federal law. Placing, temporarily lifting and removing security freezes is now free for consumers, and initial fraud alerts increased from 90 days to one year. For more information, please click here.
While you may not think twice about opening an email from what appears to be a legitimate sender, the consequences of clicking on emails that come from fraudsters could be serious.
Sometimes, scammers pose as legitimate agencies in order to gain access to consumers’ personal information in what’s known as a “phishing ” scam. It’s one of the many ways that identity thieves were able to take $18 billion from victims in 2013.
It’s important to recognize phishing attacks before you are duped into revealing your personal or financial information.
How phishing attacks work
Phishing attacks come in all shapes and sizes, and they include any attempt to obtain personal or financial information through email. In a typical scenario, you will receive an email claiming to be from a recognizable source, such as an online retailer, or even what may appear to be a legitimate financial organization.
The email will usually describe an urgent reason for you to verify your personal or confidential information by clicking on a link embedded in the message.
Once you click on the link, you will be redirected to a fake website, which may look similar to the impersonated organization’s website. Here, you will be asked to enter either your personal information, such as your Social Security number, or your financial information, such as your bank account or credit card number. Once the scammers obtain your information, they can use it to access your accounts or assume your identity.
According to a recent study by Google and researchers at the University of San Diego, one in seven people who visited a fake website handed over their information.
Additionally, simply clicking on a link in a spoofed email can be dangerous in some circumstances, even if you don’t provide the requested information.
How you can spot a phishing scam
The first red flag that you are dealing with a scam is the email itself. Most financial institutions and government agencies won’t contact you through email to request personal information. For example, Equifax will not send unsolicited emails requesting personal information, such as user ID and password.
You can also spot phishing emails based on the tone of the email. In some cases, scammers will threaten you, warning of impending lawsuits and penalties if you do not take action. A tone of urgency should indicate something suspicious. You should never act fast if it means giving away your personal information.
(Click here to read more on why you might become a victim of identity theft)
Grammar and typos are another red flag. Phishing messages can be rife with spelling or grammatical errors, and they generally do not address you by name.
Phishing messages typically contain several links. Scroll over them with your mouse without clicking, and compare the links in the email with the URL of the correct website. A phishing link may contain a string of cryptic numbers or characters not found in the real URL.
You should never click on links or open attachments with a suspicious looking email, as phishing scammers also use downloadable files to plant malware that can steal the personal information found on your computer.
Help protect yourself after you’ve been targeted
Start by contacting the organization that the scammers are impersonating. You can also file a complaint online with the Internet Crime Complaint Center, a partnership between the FBI and the National White Collar Crime Center.
If you already have responded to a phishing email, you may want to place a fraud alert on your credit file, which will notify lenders that there may be suspicious activity associated with your credit. An initial fraud alert will remain on your credit file for 90 days and will require creditors to take extra steps to verify the authenticity of requests for credit.
You can also place extra protection on your email account by enabling two-step verification. By doing so, a verification code sent through a text message will be required to access your account in addition to your username and password. If a scammer gains access to your username and password through a phishing scam, he or she won’t be able to hack into your email without also having access to your cell phone.
Phishing scams are more than spam; they are serious attempts by criminals to obtain your information. Be wary with every email you open. For more information about phishing, including examples of phishing and how to report phishing emails, please visit the Federal Trade Commission website on phishing by clicking here.
The information contained in this blog post is designed to generally educate and inform visitors to the Equifax Finance Blog. The blog posts do not give, and should not be assumed to provide, personalized tax, investment, real estate, legal, retirement, credit, personal financial, or other professional advice. Before making any financial decision, you should always consult with the appropriate professionals who can explain your options, rights, and legal responsibilities, and advise you on any tax, legal, credit, or business implications that may result from those decisions. The views and opinions expressed by the authors of blog posts are their own views and may not be the views or opinions of Equifax, Inc. and/or its affiliates.