In this article:
  • How phishing works
  • 7 common scam techniques
  • Top red flags of a phishy email
  • How to prevent being a victim
  • What to do if you’ve been a target
Beware the most common form of cybercrime: phishing. It’s where cybercriminals trick people into revealing sensitive information or installing malware by posing as a trustworthy person or company. Scammers use deceptive emails, messages, calls, or pop-ups to steal your personal and financial information, which can be used for identity theft, financial fraud, or accessing other online accounts.

“We see a lot of Microsoft scams, where they'll pop up on your computer, and you have to call a phone number for IT support, or emails and messages impersonating companies like PayPal or other payment services,” says Mike Renner, who heads up the Fraud Department at C&F Financial in West Point, Virginia. Renner is a former Marine who specialized in recapturing and defending US assets, and he also served as a financial crimes detective as a law enforcement officer. Today, he’s focused on helping protect people and businesses from falling victim to scammers.

“It's a big problem that we see a lot of,” he warns. “They're phishing to get that information or that access. And they use multiple avenues to achieve that goal.”
 
How It Usually Works
  1. You receive an unexpected email. It could also be a phone call, text message, or message through a social media platform from someone you think you trust. This is the bait. These attackers often claim to be your bank, a company you do business with, your credit card company, a technology company, your employer or coworker, a government agency, utility company, shipping company, online payment website, or friends and family.
  2. The message urges you to do something quickly—either to avoid trouble or to win something. This is the hook. You may be directed to click on a malicious link, download an attachment, or provide personal or financial information through a fake website.
  3. Once you follow their direction, either by entering passwords, providing bank details, or downloading a file, the criminal captures what they need to steal from you.
7 Common Scam Techniques
Scammers often update their tactics to keep up with the latest news or trends, but here are some common tactics used in phishing emails or text messages, according to the Federal Trade Commission (FTC):
  1. They say they’ve noticed some suspicious activity or log-in attempts. (They haven’t.)
  2. They claim there’s a problem with your account or your payment information. (There isn’t.)
  3. They say you need to confirm some personal or financial information. (You don’t.)
  4. They include an invoice you don’t recognize. (It’s fake.)
  5. They want you to click on a link to make a payment. (But the link has malware.)
  6. They say you’re eligible to register for a government refund. (It’s a scam.)
  7. They offer a coupon for free stuff. (It’s not real.)
Top Red Flags of a Phishy Email
  • You receive an email claiming to be from a well-known company or brand, but the email address doesn’t match it.
  • The messaging may contain spelling errors or grammatical mistakes.
  • The message opens with an unfamiliar greeting, no greeting, or a greeting that doesn’t match the email’s tone. Some common phishing email greetings include: Dear Customer, Dear Account Holder, Dear User, Hi, Hello, or Hey.
  • The message is short and sweet, relying on ambiguity to throw you off.
  • The email contains urgency or threats—or promises of free gifts, lottery winnings, or too-good-to-be-true offers.
  • The email contains suspicious links or unexpected attachments. Never click on links or open attachments you weren’t expecting.
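For readers who triage reported messages, here is how several of the red flags above can be checked automatically. This is an added example, not part of the original article; the brand allowlist, the urgency word list, the function names, and both sample emails are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed allowlist: brand name -> domains that brand really sends from.
KNOWN_BRANDS = {"paypal": {"paypal.com"}, "microsoft": {"microsoft.com"}}
# The "Dear ..." greetings listed above; "Hi"/"Hello" alone are too common to flag.
GENERIC_GREETINGS = ("dear customer", "dear account holder", "dear user")
URGENCY = re.compile(r"\b(immediately|urgent|suspended|act now|final notice)\b", re.I)
LINK = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
HOST = re.compile(r"(?:[\w-]+\.)+[a-z]{2,}", re.I)

def registered_domain(host):
    # Simplification: last two labels. Production code needs the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def red_flags(raw):
    """Return the red flags found in a raw single-part email."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    sender = registered_domain(addr.rpartition("@")[2])
    body = msg.get_payload().strip()
    flags = []
    if any(b in name.lower() and sender not in d for b, d in KNOWN_BRANDS.items()):
        flags.append("sender-mismatch")
    if body.lower().startswith(GENERIC_GREETINGS):
        flags.append("generic-greeting")
    if URGENCY.search(body):
        flags.append("urgency")
    for href, text in LINK.findall(body):
        shown = HOST.search(text)  # a hostname displayed as the link text
        target = registered_domain(urlparse(href).hostname or "")
        if shown and registered_domain(shown.group(0)) != target:
            flags.append("link-mismatch")
    return flags

# Constructed samples; the .example domain is reserved and not a real sender.
PHISH = '''From: "PayPal Support" <service@paypa1-billing.example>
Subject: Problem with your account

Dear Customer,
We noticed suspicious activity. Confirm your details immediately.
<a href="http://login.paypa1-billing.example/verify">https://www.paypal.com/signin</a>
'''
LEGIT = '''From: "PayPal" <service@mail.paypal.com>

Hello Alex, here is your receipt:
<a href="https://www.paypal.com/activity">paypal.com/activity</a>
'''
```

Calling red_flags(PHISH) reports all four flags and red_flags(LEGIT) reports none. A flag is a reason to verify the message through a known channel, not proof of fraud.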
How To Prevent Being A Victim
Prevention is much easier than dealing with the consequences of being scammed. Here are some simple and practical ways to protect yourself:
  1. Verify sender and links. Look for odd domains and misspellings.
  2. Don’t give out your personal details including passwords, bank account information, and credit card numbers via email, text, or unsolicited calls.
  3. Enable two-factor authentication for an extra layer of security to your accounts.
  4. Avoid unexpected links or attachments.
  5. Use anti-virus software and keep software updated.
  6. Use email filters.
  7. If a message doesn’t seem right, contact the sender directly.  
Always be suspicious of who is calling or sending you unexpected emails, says Renner, who sees a lot of bank impersonations. He reiterates that your bank will never ask for your PIN or your full debit card information over the phone. Your bank will not request access to your online banking or have you download an app to remote into your device.
 
What To Do If You’ve Been A Target
If you interact with a person or company and suddenly realize it could be a scam, immediately cease contact. Shut down your computer. Unplug your device. You may want to take your device into a tech support store so they can run a diagnostic or remove an application, suggests Renner.
“Be sure to notify your bank immediately in the event account information was compromised,” he recommends. “Was your banking login information compromised, debit card compromised, was personal information compromised?”

Renner says your bank will want to put certain alerts or restrictions on your accounts if you think your personal information was compromised. For instance, a scammer may try to impersonate you to access your bank account information, open a credit card, or take out a loan.
 
If you wish to report a phishing attempt, here are some ways:
  1. Report the message as phishing to your email or messaging provider.
  2. Forward the phishing email to reportphishing@apwg.org (Anti-Phishing Working Group).
  3. Report the incident to the FTC at ReportFraud.ftc.gov.