According to recently released Federal Trade Commission data, consumers reported losing nearly $8.8 billion to fraud in 2022, an increase of more than 30 percent over the previous year. Each day, cybercriminals continue to launch sophisticated phishing attacks on unsuspecting individuals.
Whether they do so via email, text message or phone call, scammers regularly seek access to personal information or confidential documents they can use for financial gain. Thankfully, there are several steps you can take to help protect yourself from becoming the victim of a phishing scheme.
What is phishing?
Phishing is when a scammer sends an email or text message that appears to be from a person or institution you trust yet is actually a scheme designed to get you to divulge personal information or provide them with uninhibited access to your device. In other words, phishing is an attempt to obtain personal information under false pretenses—scammers present themselves as legitimate businesses or authority figures to gain your trust, and then take advantage of it. Some phishing schemes also utilize automated voice calls as opposed to email or text—a practice commonly referred to as “vishing.”
In a phishing scheme, scammers disguising themselves as a trustworthy entity will solicit debit or credit card information, bank account information, PINs, usernames and passwords or Social Security Numbers. They might also urge you to click on a “dirty” link that grants them access to your device and your data—allowing them to lock you out of your device, steal your personal information or install malware that compromises your security.
How can you recognize a phishing attempt?
While the majority of phishing attempts are caught by spam filters, some are able to bypass security algorithms and make it all the way to your inbox. Thus, it is beneficial to understand what characterizes a typical phishing attempt so you can avoid becoming a victim of fraud or identity theft:
- Grammatical errors. A phishing attempt may appear to be from your bank or another trusted source like a credit card company, social networking site or online store, but if it was sent by an unofficial email address or is filled with grammatical errors, it may be a scam.
- Requests to click on a link, open an attachment or provide personal information. Any message that asks you—unsolicited—to click on a specific link, open an attachment or provide personal information may be part of a phishing scheme.
- Pressure to act quickly. Phishing attempts often pressure individuals to act immediately in order to avoid further penalty or punishment. Scare tactics, threats and the use of emotional language to convey a sense of urgency are common.
- Unrecognized organizations. If you receive a message from an organization that you’ve never interacted with nor created an account with, it may be a phishing attempt.
How can you protect yourself?
At Busey, we believe the most effective way to prevent customers from becoming victims of theft or identity fraud is to educate them on personal security practices:
- Don’t provide personal information when you did not initiate the process. Be aware of any email, text message or call that asks you to confirm personal information or account details. As a financial institution, we will never ask for your account numbers, passwords or PIN.
- If urged to do so, avoid clicking on links or opening unsolicited attachments. Visiting unsafe, suspicious websites can lead to the intrusion of malware. Be cautious when opening emails or attachments you don’t recognize, even if it comes from someone in your contact list.
- Regularly monitor your bank accounts, debit card transactions, credit card statements and credit report. Ensure all transactions are legitimate and report discrepancies immediately. Don’t just look for big purchases—check for small purchases that are unauthorized as well. When using someone else’s card or bank account, criminals often make small purchases as a “test” before making larger purchases.
- Contact the institution. If you’re being pressured to act quickly, don’t be afraid to contact the organization that appears to be contacting you to confirm the legitimacy of the information you received.
- Back up your data. Protect the data on your devices by copying files to an external hard drive or uploading it to cloud storage. If there is company information on your device, make sure this is approved by your employer.
- Utilize multi-factor authentication. Multi-factor authentication can prevent scammers from accessing your accounts. Change passwords immediately if you have reason to believe it was compromised.
- Update security software on your devices. On most devices, you can set your security software to update automatically to ensure maximum protection.
- Ensure browser security. If submitting financial information on a website, look for an indicator that the web address you’re using is encrypted. Secure websites usually have a padlock or key icon at the top or bottom of the browser. You can also check that the web address begins with “https,” which indicates that a particular webpage is secure.
What should you do if you’ve been compromised?
We urge you to think twice before clicking on external links or providing personal information via email, text message or phone call, but we also understand that people make mistakes.
If you have reason to believe that a fraudster has access to your personal information, contact your financial institution immediately. You can also visit IdentityTheft.gov, where you will see specific steps to take based on the information you lost. If you clicked on a link or opened an attachment that you think may have installed malware on your device, update your security software and run a scan.
When dealing with potential phishing schemes, it’s better to be safe than sorry—be skeptical, know what to look for, be proactive in protecting yourself from fraudulent activity and act quickly if your personal information has been compromised.
For more information on how to recognize and avoid phishing schemes, visit ftc.gov/phishing.
To report a phishing attempt, visit reportfraud.ftc.gov.