Welcome to the Q2ebanking Blog

Protect Yourself from "Phishing" Attacks & Social Engineering Scams

Posted by Jay McLaughlin on Thu, Jan 24, 2013 @ 08:01 AM

So what is phishing? 

Phishing is an attempt to criminally and fraudulently acquire sensitive information, such as usernames, passwords, account numbers, credit card details, and other personal information by masquerading as a trustworthy entity in an electronic communication. Phishing is typically carried out using social engineering techniques such as email spoofing and often directs users to click a malicious link, or enter sensitive information at a fraudulent website, disguised as a legitimate or trusted source. Phishing e-mails may include a company’s logo or tagline along with a message of urgency regarding a problem with an account or a need to validate personal information.

How do you avoid phishing scams? 

Your bank or credit union should NEVER request personal financial information from you as a customer via e-mail or online forms. As a customer, if you ever receive any suspicious e-mail containing logos or references to your bank, contact the bank directly. Never respond to an unsolicited or suspicious e-mail or provide any information to an unknown source. 

  1. Be suspicious of any unsolicited email requesting personal financial information - even if it appears to be from an entity you trust. These requests may ask for usernames and passwords, PIN numbers, social security numbers, account numbers, or card verification values (CVV) from the back of your credit and debit cards. Never provide this information unless you are using a known secured website or calling directly over the telephone.
  2. Be aware of links embedded in suspicious e-mails. Consider bookmarking free sites such as www.pdfmyurl.com, which will PDF any URL in real-time and present it back to you so you know if the site is fraudulent or real. 
  3. Never overlook your computer security measures.  Install the latest anti-virus updates and anti-spyware software on your computer to prevent malicious websites from installing spyware. Visit www.onguardonline.gov or www.staysafeonline.org to learn more about available security software and other ways to help safeguard your computer.

Awareness is Key

Review your monthly credit card and bank statements.  Remember, time is of the essence.  Don’t wait for your statement to arrive in the mail or your inbox. Checking your statements online will enable you to easily identify errors or recognize unauthorized account activity.  In the case of a disparity or unauthorized transaction(s), notify your financial institution immediately by contacting its customer service department.

Take Prompt Action

If you feel you have been a victim of a "phishing" scam, take immediate steps to mitigate any damage to your personal information and your identity.
  1. Report the fraudulent activity to your financial institution.
  2. File a complaint online with the W3C.
  3. Close existing deposit and checking accounts and reopen them with new account numbers.
  4. Monitor and review your credit reports.  Report unauthorized activity to the three major credit reporting agencies, Experian, Equifax, and TransUnion.
  5. Request a free copy of your credit reports.  To obtain a copy from each of the three major credit bureaus, visit www.annualcreditreport.com.  You may request your reports online, by phone, or through the mail.
  6. If required, you may request that a fraud alert be placed on your credit record requiring that you be contacted before credit is extended using your name and social security number.
  7. Report suspicious activity to the Social Security Administration’s Office of Inspector General Fraud Hotline, by calling 1-800-269-0271 or online at OIG’s website http://oig.ssa.gov/.

Tags: online banking security, online security, phishing, scams, social engineering