Financial institutions often emphasize the significance of personal and financial security, to the point where it might start to just seem like noise. But as tempting as it may be to tune it out, fraud and scams are real threats that lurk at the virtual doorstep of almost every digital platform and device you engage with daily.
Phishing is a common tactic used by fraudsters. It involves deceiving individuals into revealing sensitive information or persuading them to download malicious software onto their personal or professional devices.
Email phishing is one of the most common tactics used by fraudsters. In an effort to deceive their targets, fraudsters pose as an entity (such as a streaming service) and send emails with falsified warnings to create a sense of urgency, pressuring the recipient to take action. These emails usually contain malicious links that recipients are pressured to click on.
Spear phishing takes phishing a step further. While phishing messages are typically sent out to random individuals, spear phishing targets a specific individual, group or organization. For instance, a fraudster may attack employees of a retail store to try to infiltrate their internal databases containing customer information.
But email isn’t the only place that fraudsters phish. They also use other communication channels, including:
- Text message (smishing)
- Phone calls (vishing)
- Social media platforms (angler phishing)
- Browser pop up notifications (pop-up phishing)
- Fake websites (pharming)
Let’s walk through how each of these types of phishing works.
Text Message (Smishing)
Smishing is when a fraudster disguises themselves as an entity and sends text messages with falsified warnings to create a sense of urgency to pressure the recipient to act. Just like phishing emails, these messages usually contain malicious links that recipients are pressured to click on. Consider this example: A fraudster pretends to be a state toll service, texting you that you need to visit a link to pay an “overdue toll charge” to avoid late fees. If you receive a text like this, it’s probably a scam.
Read more on overdue toll charge scams from the Federal Trade Commission here.
Phone Calls (Vishing)
Vishing is when a fraudster disguises their voice to sound like another person, usually someone you know, to trick people into sharing personal information such as a bank account number. The fraudster may even spoof, or imitate, a trusted number to make their call seem more legitimate. An example of a vishing phone call would be a fraudster acting as a grandson in need of money from his grandparents for an “emergency” situation like bail money for jail. Another example would be a fraudster impersonating an individual’s bank and claiming that they need login credentials to “fix an issue” with the individual’s account. If you receive an unexpected call asking for personal information, hang up, look up the phone number for the person or organization, and call them yourself to verify the request.
Social Media Platforms (Angler Phishing)
Angler phishing is when a fraudster targets social media users who have made a complaint on social media. The fraudster creates a fake account and pretends to be customer service personnel who want to help the social media user solve the complaint that was posted online. In the process of “helping” resolve the complaint, the fraudster asks for personal information such as a credit card number or account details.
Browser Pop Up Notifications (Pop-up Phishing)
Pop-up phishing is when a fraudster deploys malicious pop-up notifications on individuals’ web browsers, prompting them to click on the pop-up. This method often uses scare tactics to encourage the individual to take immediate action. For example, a fake virus alert pop-up may claim that a device has been infected and that the user needs to download antivirus software. But when the recommended software is downloaded, malware included in the download compromises the computer and the information on it.
Fake Websites (Pharming)
Pharming is when a fraudster redirects a user from a legitimate website to a spoofed website that replicates the real one. This can make pharming attempts hard to detect. Once on the spoofed site, the fraudster gains access to the user’s personal information through an unintentional handover by the user or malware accidentally installed. An example of this would be an individual entering their banking information into the login page of a spoofed website that looks like the legitimate login page on their bank’s website. The fraudster can collect the entered information and then gain access to the user’s online banking account to transfer funds.
Read more from the Federal Trade Commission on types of pharming here.
Safeguarding Your Information
We know what you’re thinking… where do the fraud attacks and jargon end? While the different types of phishing tactics used by fraudsters can be overwhelming, you can take proactive steps to protect yourself and your information. Here are ten ideas to get you started:
- Educate yourself on phishing scam signs (looks like you're ahead of the game -- consider this one checked off!).
- Don’t click on any links or attachments in messages, emails or pop-ups that seem suspicious.
- Block automatic pop-ups in your browsers.
- Install security or antivirus software on your devices from trusted companies.
- Keep all your devices up to date.
- Utilize multi-factor authentication when it’s offered.
- Turn on spam filters for your email, text messages and phone calls.
- Always treat surprise phone calls that include a request for finances or personal information as a scam until proven otherwise.
- Avoid sharing personal information such as email addresses online.
- Never share your financial information on social media or in an email, text message or phone call.
Here for You
We appreciate you choosing us as your community bank. Merchants Bank is safe, strong and committed to protecting you and your financials. If you ever have questions regarding fraud or scams, please reach out to our Customer Engagement Center or your local branch.