John McKendrick of West Palm Beach, Florida, acted promptly when he received a billing notification that supposedly came from cybersecurity company Norton. He called to inquire since he didn’t believe he had Norton installed on his computer. The representative he reached convinced McKendrick, 80, to provide remote access to his computer and then executed an extensive scam in which McKendrick lost $92,000.
This story is a classic tale of financial phishing, a common online scam in which a criminal sends phony communications that appear to be from legitimate sources to obtain sensitive information or compel the recipient to send money.
As online banking and transactions become more common, the threat of phishing does too. Phishing attacks jumped nearly 50% between 2021 and 2022 and again between 2022 and 2023. Knowing how to recognize this type of security scam is vital for protecting your information and finances.
A phishing scam is characterized by a scammer posing as a representative of a trustworthy institution to trick you into providing sensitive information such as usernames or passwords, sending money or clicking a link through which malware can be installed on your device.
Phishing emails typically look legitimate but contain signs that they aren’t. Common red flags include generic greetings, poor grammar and odd formatting, urgent language, unfamiliar links or attachments and misspelled URLs.
In one typical example, an email that purports to come from a bank requests immediate action, like placing a phone call or clicking a link to prevent account suspension. The person who picks up the phone or the website connected to the link will likely ask you to “verify” your identity by providing personal information.
Phishing phone calls involve scammers posing as representatives of legitimate organizations to notify you of a problem or opportunity. The caller will ask for personal information in order to resolve the issue or give you access to a benefit. Phishing phone calls can be effective due to people’s reticence to be rude when speaking to others, such as by hanging up or questioning the caller’s identity.
An example of a typical phishing phone call is someone posing as an IRS representative and claiming you owe taxes. They will solicit the number and password for your bank account on the premise that they’ll be withdrawing a specific amount of taxes owed.
Phishing text messages, also called smishing or SMS phishing, involve scammers sending phony text messages meant to trick recipients into giving up personal or sensitive information. The texts may contain an urgent request for action and a link you’re meant to click to stave off a problem. The link will take you to a page where you’ll be directed to input information that scammers can use to steal your identity or money.
An example of a standard smishing message is a notification that a package is being delivered and contains a link that supposedly tracks the delivery. The phony link will give the scammer access to install malware on your mobile device.
The most important way to protect yourself against phishing attacks is to know how to recognize them. Make it a policy never to trust unsolicited communication that asks for sensitive or personal information. When in doubt, independently search out the phone number for the institution that says it is contacting you and call them to ask whether the message you’ve received is legitimate.
Here are some other ways to protect yourself from phishing attacks:
There are several ways to report phishing attempts to authorities to help them protect others from similar fraud attempts.
Phishing is hardly the only type of online scam that can threaten the safety of your information and financial security. Here are some other types of online scams to look out for:
Staying safe online requires vigilance, which is easier to cultivate when you know what you’re looking for. That’s why it’s vital to learn the signs of phishing scams, from misspelled URLs to urgent phone calls to suspicious requests for money. Scams are constantly evolving, so it’s a good idea to stay updated on the latest frauds by regularly perusing the consumer alerts on the FTC’s Scams page.
It’s also essential to ensure that your financial data is secure online. Security measures like encryption, two-factor authentication, secure passwords and account activity monitoring can help you keep your money safe. Financial data protection apps like ID Shield, ID Watchdog and IdentityForce can also help increase your security and peace of mind.
And remember that Seacoast Bank is dedicated to keeping its customers safe and will never call, text or email you with a request to provide or verify sensitive information such as your PIN, account password or social security number. We are here to help you avoid falling victim to fraud. Read our fraud prevention page to learn more about how you can protect yourself online.