**Originally published November 5, 2014. Updated September 21, 2019.**
Picture this: last week, I’m waiting in line for coffee and my phone starts going off. Two text messages, an email, and a missed call from my bank alerting me to fraudulent activity on my account. For security reasons, they’ve put a hold on all my accounts, and I need to call them to unlock the accounts. Something doesn’t feel quite right.
I visited my bank’s website and found their customer service number and called from there. As it turns out, this was a real alert, and I just had to verify two large purchases I recently made. I was relieved but started thinking about what would have happened if the emails and texts I received had been “smishing” or “phishing” scams. Imagine if that number had been a scammer, and I’d provided them with my personal information?
Phishing Scams are Still Prominent
The truth is, this happens all the time. According to a 2019 PhishLabs report, 88% of malicious emails are targeting your credentials. A common phishing email scam involves a message saying there was suspicious account activity. And, to unlock your account, you must provide personal information to the caller or emailer. After you provide this information, the phisher will use it to clear out bank accounts or participate in fraudulent activity on your credit. A “smishing” scam follows the same logic, except the scammer’s mode of contact is via a cell phone text message.
Here’s the thing: legitimate companies will never ask you to provide your personal information via email. They also won’t call you and ask for it. In the case with my bank, the organization called to notify me that they had frozen my accounts, but they didn’t ask me to unlock them then and there. Instead, they encouraged me to log into my account and verify my purchases with a secure Internet connection.
Proceed Phishing Scams with Caution
The moral of this story is if you ever get an email, text, or phone call stating that there’s been suspicious activity on an account, be on alert.
- Never click on the link provided in the email, and don’t call the phone numbers that they’ve provided, either. Instead, navigate directly to the organization’s website and call the customer service number listed there. Alternatively, you can call the number listed on the back of your bank or credit card.
- Put your number on the Do Not Call Registry to avoid phone calls from scammers.
- Setup your email inbox to filter out spam and phishing mail.
- Hover your mouse over a link to verify it is going where you expect it to before you click.
And remember that IdentityForce is always here to help monitor your identity and credit while providing you with the latest news and information in identity theft protection.