You might be familiar with email phishing but you should know it’s not the only type of phishing you can experience. Criminals will also use websites, text messages and phone calls to deploy a phishing scam.
In this article, we’ll take a look at the common forms of phishing that you might encounter, explain the warning signs for each and let you know what you can do to prevent yourself from becoming a victim.
Email phishing
You might be most familiar with email phishing. Typically, you receive an email from a trusted organization, your bank for example, and the email asks you to click on the link. And, once you click on the link, you’re taken to a site that looks identical to what you were expecting. But in this case, it’s a phishing site that can capture your log-in information and then use it to possibly drain your account.
Scammers will typically use a popular brand name and logo to attempt to get past your defenses. It could be a big brand like Visa or another trusted financial institution. So, it pays to be alert, even if you’re a customer of the company.
How to recognize a phishing email
Our email inboxes are usually bursting at the seams and an important sounding message from your bank or, perhaps, Visa could stand out. But here’s what you should be on the lookout for:
- Email address doesn’t match. Scam artists can fake the sender's email address and mask the true account they are using.
- Misspelled words. Do you see extra spaces in the subject line and the improper capitalization of certain words? Spelling and grammar errors are common in phishing scams.
- No name. A phishing email may not address you by name.
- Suspicious request. Visa, like other financial institutions, does not contact cardholders to request their personal account information, so a request to "update" card information is suspicious.
- Hyperlinks. Avoid clicking on hyperlinks if possible. A single click can cause your computer to become infected with malware, and there may not always be visual clues that you’ve been hacked. Instead, go directly to the business’s website and find help to confirm the authenticity of the email.
- Deadline. Sometimes scammers will include a deadline and threaten account suspension, in hopes of adding a sense of urgency to override your normal sense of caution.
- No contact information. However, even the presence of a phone number doesn't guarantee legitimacy. If something feels a suspicious about the email, contact your financial institution directly using a number you’ve found on an account statement, your bank’s site, or your card.
If you’ve received a phishing email like this and it uses Visa’s name, we’d like to see it. Report it to phishing@visa.com. By participating in our anti-phishing security efforts, you can help prevent other consumers from becoming victims.
Text message phishing
With more companies using text messages to communicate with their customers, it can sometimes be a little tricky to figure out what’s legitimate and what’s a scam.
How to recognize a phishing text message
- There’s a link instead of a phone number to call. And a hyperlink can be just as dangerous to open on your phone as it is on your computer.
- The text you receive may not contain the name of the bank or any other information.
- The text requests that you log in to your bank account to verify a transaction, enter your PIN, or provide a 3-digit CVV code.
Remember: You can always forward a suspicious text message you’ve received to 7726 (SPAM).
Phone-based phishing
Phishing happens over the phone, too. Scammers might pose as financial institution and or credit card representatives to trick unwary consumers into providing the three-digit security code on the back of a credit card or other sensitive information.
How to recognize phone-based phishing
- You’ll receive a phone call from a credit card company, typically from someone who works in the “Security and Fraud Department.”
- The scammer explains that your card has been flagged for suspicious transactions and you need to prove that you have the card in your possession.
- And, finally, in order to prove that you have the card, you’ll be asked to provide the three-digit security code.
One of the things that’s tricky about this scam is that the scammer might have some of your personal information—which reinforces the perception that this call is legitimate.
You should know that, typically, financial institutions like Visa, do not call customers and request their personal account information. If you get a call like this, hang up immediately. You should also call your bank to report the phishing attempt or, if it’s Visa related, report it to us at phishing@visa.com.
Website phishing
Scammers are only getting better and better at designing websites that look legitimate. And sometimes, you might click on a link from a search or an email that seems safe but instead directs you to a spoofed site run by a scammer.
How to recognize website phishing
- There’s something slightly off about the web address or the actual page. Look for misspelled words, substitutions or updated logos.
- An unusual popup on the site that requests that you enter your account information.
- There are HTML links that don’t match their destination.
Many modern browsers offer options for anti-phishing protection that can warn you if you’re visiting an unsafe website. But as always, one of the best tools to protect yourself is by using your common sense.
Have you encountered a phishing scam?
If you experience a phishing scam of any sort that uses Visa’s name, please let us know by emailing us at phishing@visa.com. We appreciate your input and while we can’t respond to each email, we do, fully investigate each claim to help stop fraud at the source.
For more information on phishing and other computer-based scams, visit the National Cyber Security Alliance at http://www.staysafeonline.org/.