Source: Digital InTheRound, 2021
From 2015-2020, the FBI’s Internet Crime Complaint Center (IC3) received more than 2.2 million fraud complaints and reported losses of $13.3 billion. The largest numbers of complaints and most significant monetary losses were attributed to phishing scams.
In 2019, the Anti-Phishing Working Group (APWG) (an international effort to reduce cybercrime made up of more than 2,200 government, industry, and law enforcement organizations) recorded a record level of phishing scams, which continued into 2021. The group detected more than 600,000 phishing websites, 325,500 unique phishing email scam campaigns, and more than 1,300 brands that scammers targeted in the first quarter of 2021.
Phishing scams are designed to steal your identity and ultimately take your money. In most cases, the scammers impersonate a legitimate business or associate to trick you into believing you are dealing with a trusted source.
For example, you might get an email claiming to be from Amazon asking you to verify a purchase or your bank asking you to confirm a charge. If you click on the link provided, you might be redirected to a fake website that looks similar to the real one and asks you to enter your login information.
You might also launch malicious software that can scan your computer to steal your account information by clicking on the link. This software might also encrypt everything on your computer and demand a payment to de-encrypt it (ransomware).
Phishing scams can happen via email, text, phone calls, and even mail. They may also use fake websites to trick you into entering your information.
Phishing scams have become more sophisticated over time. Scammers use social engineering tactics to learn personal details about you to personalize their contact with you and make their requests more believable. For example, scammers might learn the CEO of a company is traveling through social media posts or check-ins. They then launch a phishing email attack impersonating the CEO and ask the CFO to wire money using details of the trip to convince them it's really them.
The goal of most phishing scams fall is to trick you into taking one of these actions:
All phishing scams have one main goal in mind—to steal your money. Whether that is via first stealing your identity or simply getting your bank account information directly.
Scammers will use all sorts of tricks to get you to click on a link, provide personal information, or send the money. While there are hundreds of thousands of different phishing scams active at any time, they all have a few common elements.
Consumers and businesses need to remain vigilant to look for the red flags and avoid becoming a victim. With some 3 billion phishing emails being sent every day, scammers are working hard to fool you. Don’t let them.
Beating phishing scams requires being careful anytime you receive an email or text, especially if it asks for passwords, personal information, or money.
If you suspect suspicious activity, don’t click on any links or enter any information. If you have doubts, contact the company by finding their official website or contact information rather than responding to an email or clicking on a link.
To avoid falling for a phishing scam, remember:
Make sure you’re using strong and unique passwords for all of your accounts. This way, if a scammer gets hold of one of your passwords, they won’t gain access to multiple accounts. You should also change your passwords regularly to keep the scammers at bay. You can use a password manager to help you keep track of them all.
To keep yourself safe from phishing scams, you should familiarize yourself with some of the most common versions so you can stay alert.
Scammers impersonate a company employee or customer and trick the business into sending money, such as asking them to wire money to pay a bill or sending a deposit for a fake invoice. In 2020, business email compromise (BEC) phishing email scams cost companies approximately $1.8 billion.
Scammers send a message saying you need to reset your Microsoft password or claim there is an issue with your account that needs immediate attention. When you click on the link, you are directed to a fake site where scammers can steal your passwords and then use your email to scam others.
A phishing email arrives saying your account has been suspended due to lack of activity or suspicious activity. Another version of this is when scammers say your account will auto-renew at a specified rate if you do not act. These scams are common with brands like PayPal and Amazon.
Scammers impersonate FedEx or UPS, claiming they could not deliver a package, and ask you to provide additional details to reschedule the delivery. This message can come as either a text message or email.
A phishing email may appear to come from your employer, alerting you to changes in personnel policies that you need to indicate you received. Always check with your employer directly if emails seem suspicious.
Another common phishing scam is an email from a company such as Amazon, Walmart, or Target asking you to verify a large purchase. Scammers hope people will click on the links they provided to avoid being charged for a purchase they didn’t make.
Scammers offer free COVID-19 tests, government stimulus payments, or Medicare prescription cards in exchange for personal information used to steal your identity.
These phishing scams include offers about government services, such as unemployment benefits or student loan deferments.
To recover from a phishing scam, you need to take the following specific actions.
If you have been scammed out of money, you will want to call the bank, credit card issuer, money wire service, or gift card provider to alert them you have been scammed. Ask them to reverse the charges.
Often phishing scams involve placing malicious code on your device. Update your antivirus software and run a full system scan to ensure your computer, laptop, or electronic device has not been infected.
If you have any reason to believe your email, social media, or any other accounts have been compromised, change the passwords as soon as possible.
If you are concerned about identity theft, bank account, or stolen credit card information, you can place a fraud alert or credit freeze. If you place a fraud alert with Equifax, Experian, or TransUnion, they will report it to the other agencies; therefore, you only need to create a fraud alert once. If you wish to freeze your credit, you must contact each consumer credit reporting agency separately.
Report phishing scams to the FBI Internet Crime Complaint Center (IC3). You will need to provide the following information:
While the IC3 does not undertake investigations, it does forward your complaint to the appropriate federal, state, and local law enforcement agencies.
FedEx is warning customers of a fake text alert going around regarding an issue with a delivery. Learn how to avoid this tricky scam.
Netflix has never offered a free subscription for an entire year. If you receive this offer from "Netflix," it's a scam.
If you ever need to check your Facebook account, always log in directly from the app or by typing in the URL. Don't trust every link you receive in your email.
Not every phone call from a government agency is legit, in fact, the majority of calls that have a "Social Security Administration" caller ID are actually from scammers.
New WhatsApp scams are making the rounds in the lead-up to Father’s Day 2022—here’s what you need to know.
Delivery companies like FedEx, USPS, and UPS are being impersonated in text messages instructing recipients to visit a scam website—here's what you need to know.
Receive a text message about a USPS delivery? If it contains a link, it's a scam—don't click the link!
If you receive a call from Amazon about suspicious activity on your account, it's likely a scam, and you should hang up immediately.
Fake texts are being sent to consumers claiming a hefty sum is waiting for them on a Walmart gift card, but falling for this scam puts you at risk of identity theft.
Whether it's a counterfeit product, a sketchy seller, or a price too good to be true, eBay scams are widespread, so it's important to know how to protect yourself.
Whether you use PayPal for personal use or business transactions, scammers are out to get you. It's what you know and how you act that will keep your money safe.
Keeping your passwords safe and secure doesn't require an expensive subscription—there are plenty of free password managers out there that will do the job well.
LinkedIn has become one of the most impersonated brands and targets of scammers. Learn how to protect yourself and use the platform safely.
Phishing scams have been around for decades and remain one of the cheapest and easiest ways for scammers to obtain your sensitive information.
Robinhood's latest data breach of 5 million email addresses means that Robinhood users are about to encounter a wave of phishing attempts.
A teenager was found guilty of money laundering and fraud after scamming several people out of thousands of dollars.
The global pandemic has unleashed several changes upon the world, from the work-from-home revolution to the phrase “social distancing,” and now, Zoom phishing.
Find out what the overturning of Roe vs. Wade means for abortion rights in your state.
The number of people searching for the term "COVID vaccine 5G" on Google has just hit an all-time high, but there's one way to be sure that there are no microchips.