by Sharon McDowell
Your cell phone dings. It’s a text message from an unknown number. The message is from a service company warning that your account has been hacked and urging you to call them right away.
The landline rings. The person on the other side of the line tells you the electricity is going to be turned off unless you pay right now. You question whether you forgot to pay your bill. Isn’t it set up on auto payment?
You sign into your email and the first message is from your bank saying your account has been locked. Again, you are instructed to call a certain number right away.
These examples might be familiar because rarely does a month go by without us experiencing some attempt to convince us to share some aspect of our financial information or access to our accounts.
Last year, Americans received 376,032,773 spam text messages a day, an increase of 1,024 percent over 2021.
In 2022, there were more than 50 billion scam and spam phone calls in the United States with victims losing a total of $39.5 billion to the callers. Phishing emails increased 29 percent over last year.
Text messages are especially effective as people tend to read them quickly. We are often on our phones and are excessively engaged with our technology. Scammers know this and use highly emotional language filled with urgency and danger to trick us into acting without thinking.
With such a high number of daily attacks, how do we keep ourselves safe? It’s not always easy, especially when many scam messages look like they are from big corporations such as Amazon, FedEx, UPS, Chase, and Bank of America.
Here’s what you need to keep in mind
Scam messages have four main components:
#1: They usually claim to be from a well-known organization or company.
#2: There is a problem, or a prize involved. In addition to the examples above, you might also be told you earned a reward, are getting a tax rebate, or someone wants to give you a gift card.
#3: There is an urgency to the message with pressure to act immediately.
#4: Payment is required or requested in a very specific way.
The first recommendation is to avoid reacting to the urgency of the call or message. Take a deep breath. Did you pay the electric bill? Check your records and find out.
To discover if an account is truly locked, go to the account and see if you can log in.
To really make sure, call or visit the local branch of your bank or utility account and ask them.
If these steps don’t fit the situation, the next step is to carefully look at the company’s logo. Are the colors correct? Is the name spelled correctly?
Check the URL. Does it end with a “.com” or with something else? For example, well-known organizations will not use a “.me” in their website address. Scammers buy domain names with the letters jumbled, such as “eBya.com” or a name somewhat like a real company’s name to fool viewers, such as “Arnazon.com.” These fake domain names will sometimes come with a fake website that might appear legitimate.
Pay attention to where the domain name is in the URL. The portion of the address directly preceding the “.com” should be the website you are visiting.
Still unsure if that text, email or phone call is legit or not? Never give any personal information. Don’t even text back to advise someone your number is the wrong number. Instead of clicking on a provided link or calling the number they suggest, go to your records and find the organization’s main number.
Keep in mind that when you enter or provide your name and password, you give complete access to that account. Gaining access to Netflix or Spotify might not lead to any direct consequence, but for many people, that log in password might be one you use elsewhere, like your checking account. If you logged into a fake website before you realized it was a scam, change all similar passwords immediately. Better yet, use different passwords for every account so if one password and account is compromised, your other accounts will not be.
General tips for online safety
Make sure the website starts with “https” and not just “http.” The “s” means it is secure. Some browsers will warn you the website is not secure. Pay attention to those warnings. When purchasing anything online, make sure the sites are using “https” and all transactions are secure and traceable.
Look also for the lock symbol to the left of the URL. The lock icon also indicates that the website is secure.
Don’t forget to clean and keep storage accounts like Dropbox or Google Drive up to date. Phishing attacks on these accounts usually don’t amount to much, but sometimes the scammer strikes gold because people tend to ignore these sites and forget exactly what information is stored there.
Consider using a password manager. A password manager is a computer program that allows you to use and store passwords on your device. They can also generate passwords and fill out online forms. Every account can have a different and complex password you won’t need to remember, and the password manager won’t sign into a fake website.
Block website pop-ups. Don’t open any suspicious links and only go to websites with trusted certificates.
Use a VPN. A VPN is a virtual private network that adds another layer of security. It hides your identity when you are on the internet. Being connected to a VPN and your virus protection software won’t keep you 100-percent safe, but it will make it harder for the criminals to gain access to your information.
The proliferation of scams is mind-boggling; by practicing caution, you can significantly reduce your risk of being the victim of a scammer.
Back to Financial Resource Center