What is Phishing? Know the Signs to Avoid Phishing Attempts
The internet has made shopping and banking easier than it’s ever been—but it’s also created new opportunities for hackers and thieves. “Phishing” schemes are one of the most common types of online fraud, but there are simple and effective ways to prevent phishing. The best way to stay safe is to stay informed; almost all scams can be spotted if you know what to look for.
What is phishing?
“Phishing” refers to a scammer casting their figurative bait until a victim “bites,” by providing information like account numbers, personal data, or login credentials.
The most common type of phishing attempt is an email claiming to be from a trusted source. If you’ve ever had a stranger message you on social media with a generic-looking introduction and a clickable link, that’s another classic phishing tactic.
Phishing attempts will usually be a request for your personal information, coming from what’s supposed to look like a reputable source: a bank, online retailer, or someone with a big offer. However, on the other end is actually a cybercriminal, trying to steal information for profit.
Is phishing always done online?
Even though phishing usually happens online, it doesn’t always.
Offline phishing attempts are usually over the phone, a.k.a. “voice phishing.” Umpqua Bank will never call, text or email you to ask for your debit card number, account number, or other confidential information. If you receive a suspicious call or text message claiming to be from Umpqua, hang up and call us at (866) 486-7782, or email firstname.lastname@example.org. You can also check our scam alert page to stay aware of recent online fraud attempts.
In a voice phishing scam, the target usually gets an automated call asking them to take some sort of action. Some common tactics include:
A bogus gift card or sweepstakes win.
Someone impersonating a bank or credit card company. They may promise an exciting “rebate” or “pre-approval,” or they may claim that you owe them money or they need you to provide your account information.
A robo-call warning you that you’re in trouble with the police and that you need to call a number and provide personal information.
If you have a fax machine, you may receive phishing faxes asking you to respond with personal information.
If you get a phone phishing call or text message, hang up immediately. Don’t respond or provide any information. The US Federal Trade Commission also offers a phone number for reporting phone and fax scams.
Who’s at risk for phishing scams?
Phishing can affect anyone, although the elderly are especially vulnerable—partly because they can be less internet-savvy. You can protect your loved ones by educating them about how to spot phishing attempts.
Most phishing emails have telltale signs that give the scam away. Here are some to watch out for:
Look at the sender’s address. Scammers might use email addresses that look familiar, but don’t hold up to closer inspection. For example, legitimate emails from us will be from someone @umpquabank.com. A scammer might send an email from “@inc.Umpqua.biz.” This is one of the easiest ways to spot a fake.
Email addresses can be spoofed or hacked, so it’s possible that a phishing attempt can be sent from a trusted address. Even if the sender’s address passes this first test, pay attention for other signs.
If the email refers to an action you didn’t do, this is a good sign it’s fake. If you didn’t sign up for a service and the email says you did, it’s probably a phishing attempt.
Check the spelling, grammar, and quality of the email. Fortunately, a lot of phishing attempts are pretty sloppy—cybercriminals usually prioritize quantity over quality. It’s rare for a reputable business to make spelling or grammar mistakes in their emails to customers. If images like the company logo look pixelated or grainy, this is another sign that the sender is a fake.
Use your best judgment. As always, beware of something that sounds too good to be true, and be skeptical of requests from strangers. Phishing emails often appeal to our emotions, or take an urgent, desperate tone, so look out for “hard sell” tactics.
Beware of strange emails from people you know. When someone falls for a scam, their email account may be used to send more phishing emails to their contacts. Watch out for messages from friends that urge you to take an action, or include just an odd-looking link. A good tactic to avoid phishing emails is to educate your friends.
Double-check the URL: One of the best and easiest ways to verify that a site is legitimate is to look at the URL bar where the web address goes and see that it starts with “HTTPS,” not just “HTTP.” The S stands for “secure,” and some browsers will show a little lock icon to indicate that the connection is safer than a standard connection.
Before you click on any links within an email, use your mouse to hover over them. Usually, your browser will show the link’s URL when you hover over it. Phishing scammers will often use a URL that’s one letter off from a major website—think “Gogle.com.” Or, they might try to fool you with a site that uses a different top level domain—like “.biz” instead of “.com”
For more ways to stay safe when shopping or banking on the web, check out our easy tips to protect your personal information online.
Should I take any additional steps to secure the mobile device I use for online banking?
With your phone or tablet, you can access your banking information from anywhere. We recommend you take a few simple steps to help secure your mobile device, so you can bank with convenience and peace-of-mind. For more information, read our guide to safe mobile banking.