How to Avoid Phishing Scams
While online and mobile banking and e-commerce are safe, the volume and sophistication of phishing scams continues to dramatically increase.
As a general rule, you should be careful about giving out your personal financial information over the Internet.
Here are some steps you can take to avoid becoming a victim:
- Phishers typically include upsetting or exciting (but false) statements to get people to hand over their usernames, passwords, credit card numbers, Social Security numbers, date of birth and other personal information.
- Pay attention to the website you are being directed to and hover over URLS. An email that appears to be from PayPal could direct you to a website that is instead “http://www.2paypal.com”or “hxxp://www.gotyouscammed.com/paypal/login.htm.”
- You should only communicate information such as credit card numbers or account information via a secure website or telephone.
- Never use public, unsecured WiFi for banking, shopping or entering personal information online, even if the website is secure.
- When in doubt, your 3/4G or LTE connection is always safer than using public WiFi
- Unless an email is digitally signed, you can’t be sure it wasn’t forged or spoofed.
- Double-clicking the “lock” icon on a website will display the security certificate for the website. If the certificate isn’t displayed, or you get a warning message that the address of the website does not match the certificate, do not continue.
- Typically, phisher emails are not personalized, but they can be. Valid messages from your bank and e-commerce companies are personalized. When in doubt, call the company directly to see if the email is in fact from them.
- Phishers have the ability to spoof and/or forge the https:// that you normally see on a secure Web server and a legitimate-looking Web address, which – again – is why you should always type the web address yourself instead of clicking on displayed links.