Utilizing email, this is one of the primary methods a hacker will use to compromise your personal information, either by asking you to give it to them or by directing you to a site which is embedded with Malware. These attacks are typically carried in waves, directed at thousands of email addresses and they play on human emotion. There is no shortage of scams which are employed by hackers, but generally they will prey on your sense of good-will and fear. Examples include, but are not limited to, stating your account has been suspended, someone needs your assistance in a time of crisis, and due a security breach you must update your account information are just a few common themes in a phishing attempt. Please see the below example:
From: firstname.lastname@example.org [mailto:email@example.com]
Sent: Tuesday, February 22, 2011 7:32 AM
To: Doe, John
Subject: ACH transaction rejected
The ACH transaction, recently sent from your checking account (by you or any other person), was cancelled by the Electronic Payments Association. Please click here to view report.
The underlined ‘click here’ points to a fraudulent site which request that you enter personal identifiable information such as Social Security Number, Date of Birth, Account Numbers, and logon credentials if you use online banking.
Indentifying Phishing Emails
- Read the email. Often the grammatical mistakes are found.
- If a link is provided, hover over it. A hacker can’t direct you to www.wsfsbank.com so a fraudulent site will have a variance in its address, such as www.wsfsbank.cm.com.
- Do not follow the links provided, just as much as it could be asking for personal information the site could also be hosting Malware, to slowly mine your computer for personal information.
- If a number is provided do not call it. Call the institution identified in the email directly.
If you feel you have been a victim of a phishing scam contact your financial institutions and the additional numbers provided here.