How to Avoid Phishing
Learn more about different types of phishing—and how to protect yourself from scammers taking advantage of the COVID-19 outbreak
Identity theft affects millions of individuals each year. And government agencies, including the Department of Homeland Security, are warning that cybercriminals are using the spread of the coronavirus as an opportunity to target consumers.
Phishing scams are one way fraudsters can gain access to your personal information. And there are different types of phishing attacks—including smishing, vishing and pharming, to name a few. But how do you identify different phishing scams? And how do you protect yourself?
What Is Phishing?
Phishing scams occur when fraudsters pose as trustworthy sources to obtain sensitive, personal information. They may pretend to be your bank, the electric company or anyone else you might trust with personal information.
And when it comes to the outbreak of COVID-19, there have been reports of people posing as trusted organizations like the World Health Organization and the Centers for Disease Control and Prevention.
Even if a phone call, email or text message seems official, always think twice before sharing sensitive information. Keep reading to learn more about types of phishing and how you can protect yourself.
Types of Phishing
There are three primary types of phishing attacks: smishing, vishing and pharming. Each of them uses a different method to acquire your sensitive information.
But they all have one thing in common: The scammer wants to build trust with you in order to access your personal information—things like usernames, passwords, bank account numbers and credit card numbers.
What Is Smishing?
Smishing is when scammers send fake text messages to trick you into giving them your personal information. The term smishing is a combination of SMS—short message service—and phishing. In short, it’s phishing via text message.
A common smishing text message might seem like it’s from your bank. And the text could include a link or phone number to trick you into sharing your account information. If you were to share your information, the scammer would have access to your account. Links could also contain software that gives fraudsters access to your device.
The Federal Communications Commission gives five tips to avoid smishing:
- Don’t respond, even if the message says you can “text STOP” to end messages.
- Never click links or call numbers you don’t recognize.
- Delete all suspicious texts.
- Make sure your devices and security software are up to date.
- Consider installing anti-malware software for added security.
One more thing: Your phone may have an option to filter and block messages from unknown senders or spam. Here are ways to filter and block messages on an iPhone and how to block a phone number on an Android phone.
What Is Vishing?
Vishing is a phone scam used to trick or scare you into sending money, handing over financial information or allowing remote access to your computer. The word is a combination of “voice” and “phishing.”
Vishing scams can take many forms. In one version, scammers could call and ask you to verify your account information or reactivate your credit or debit card. They could also direct you to call them for similar reasons.
Another example of vishing could involve a phone call from someone pretending to be from a legitimate software company. They might ask for remote access to your computer to install the latest version of existing software. But what they really want is access to usernames, passwords or other sensitive information.
Calls may not even come from a live person. Scammers could also use recorded prompts to get you to share your information.
The FBI has a few recommendations to help you avoid vishing attacks:
- Be skeptical of anyone who calls asking for personal information.
- If you think the call may be legitimate, you can always hang up and call the number on the back of your credit card or listed on an official website instead.
- Remember that numbers given to you during a call could be unreliable and just another part of the scam.
In general, be cautious of any caller who wants information, money or access to your computer.
What Is Pharming?
Pharming is a scam used to direct users to a phony website to get them to divulge personal information. One of the latest evolutions in internet scamming, pharming has been called “phishing without a lure.”
In a pharming scam, your browser or computer could be affected without you knowing. You could reach the site through an email or a bad link.
But some pharming attacks are sophisticated enough that they can redirect you to fraudulent sites—even if you typed a legitimate URL into your web browser. When you try to access it, a hacker or piece of malware may direct you to a site with a similar address. The site might be just one letter off, or it might use similar-looking characters to try to fool you, such as replacing a lowercase “l” with the number “1.”
Once you’re on an imposter site, you could unknowingly submit bank passwords or credit card numbers to someone who is out to steal your identity.
Pharming can be harder to detect than other types of phishing. But anti-phishing specialist Fraud Watch International says there are still ways you can help protect yourself from pharming attempts:
- Ensure your security software is up to date.
- Set up your Wi-Fi router with a custom password.
- Avoid suspicious websites.
- Be cautious about emails from sources you don’t know, especially if they contain attachments or links.
How to Identify Phishing
Smishing, vishing and pharming are all similar versions of the same scam. The goal is to gain your trust, and many of the tactics scammers use can overlap between the different types of phishing. But you can help protect yourself by being skeptical and learning how to recognize phishing attempts. The Federal Trade Commission (FTC) offers a few general phishing red flags to keep an eye out for:
- If emails or texts sound overly urgent and ask you to respond right away.
- If emails or texts use generic titles (Mr., Mrs., Sir, Madam) instead of your legal name.
- If a caller asks you to validate information with a Social Security number or account number.
- If emails come from addresses that don’t match the names of the companies supposedly sending you the emails. Keep in mind, phishing emails may use official logos and headers.
- If emails or texts invite you to click links to update payment or account information.
- If emails or texts contain links asking you to provide information without signing in through the secure site you typically use to access your account. Or if links lead to a site that looks familiar but the web address is incorrect or has subtle differences.
If you experience any of these phishing scam techniques, don’t risk responding directly—and avoid clicking on any links in the email or text you received. If you have questions or concerns, contact the company through its official website or phone number to ask about the suspicious message.
Check Your Credit Report Regularly
Checking your credit report is one way to monitor for identity theft and fraud that can result from phishing. You can obtain free credit reports at AnnualCreditReport.com. Requesting your reports will not negatively impact your score.
Typically, you’re entitled to a free copy of your credit report every 12 months from each major credit bureau. But in response to the COVID-19 crisis, you can get free online credit reports every week through April 2021.
Once you receive your reports, review them for suspicious activity, such as account inquiries, new accounts or debts you don’t recognize. You’ll also want to verify your personal information.
If any information is incorrect, notify the credit bureaus to have it corrected or deleted.
You can also use CreditWise® from Capital One® to monitor your credit. It’s free for everyone and it won’t hurt your credit score.
Review All Bills and Account Statements for Unusual Activity
If you suspect fraudsters have obtained your personal information, you should also review all your account statements thoroughly and promptly.
Even if you don’t suspect fraud, it’s good practice to make sure you recognize all charges, checks and withdrawals. Identity thieves often start with small transactions, with the hope of going undetected.
If you’re ever a victim of identity fraud, contact your bank and credit card companies. And the FBI says to report complaints to its Internet Crime Complaint Center. The FTC also has a site to report phishing attacks.
Capital One and Phishing
If someone claims to be a Capital One representative and reaches out to you about COVID-19, it may be a phishing attempt.
If you believe a phone call could be phishing, hang up. If you think you’ve received a fraudulent email that claims to be from Capital One, follow these tips:
- Don’t reply to the email.
- Don’t click on any of the links embedded in the email.
- Forward the email to email@example.com.
- After forwarding the email to Capital One for investigation, delete it.
- Be sure to monitor your account and call Capital One if you notice any unusual activity.
Government and private relief efforts vary by location and may have changed since this article was published. Consult a financial adviser or the relevant government agencies and private lenders for the most current information.
We hope you found this helpful. Our content is not intended to provide legal, investment or financial advice or to indicate that a particular Capital One product or service is available or right for you. For specific advice about your unique circumstances, consider talking with a qualified professional.
Your CreditWise score is calculated using the TransUnion® VantageScore® 3.0 model, which is one of many scoring models used by lenders. It likely won’t be the same model your lender uses, but it is an accurate measure of your credit health. The availability of the CreditWise tool depends on our ability to obtain your credit history from TransUnion. Alerts are based on changes to your TransUnion and Experian® credit reports and information we find on the dark web. The tool is not guaranteed to detect all identity theft.