Phishing scams might sound tricky, but it’s all quite simple. So simple, in fact, that even a kid can explain it. Just take a look!
The average user received 16 malicious emails per month last year.1 These emails are designed to try and trick you into opening attachments, clicking links or entering confidential data — such as your bank account number, password, username or other top-secret login details. They work because the cyber criminals do a few key things well:
- The emails look like they’re coming from someone you trust — such as a friend, co-worker, government official, retailer, bank or other legitimate business.
- The emails may make you panic. Common phishing emails will tell you that you won’t be able to access your money or your personal data unless you enter your username and password into a site they link you to. Usually they say you have to take action right away in order to “save” your data and avoid getting locked out of your bank/social media/Netflix account. By prompting you to react urgently, scammers are trying to keep you from thinking carefully about what you’re doing.
- The emails appear to be helpful. You may get an email that claims to be letting you know about an error that needs correcting, or an order placed in your name, or even that there is suspicious fraudulent activity on your account. The email will ask you to enter your info to “safeguard your data” — yet, in reality that action will have the opposite effect.
New Lures in Play
While email is the most popular channel for phishing scams, it’s not the only one. In a SMishing scam, for instance, you’ll get an SMS message that appears to be from a trusted service such as a bank, Facebook, Google or Apple, alerting you that your account is at risk of being hacked. When you click on the message, you’re sent to a fake website designed to get a hold of your login info or to infect your device.
Vishing, meanwhile, is when fraudsters call you on the phone, typically posing as tech support or customer service reps advising you that your computer is supposedly infected with a virus. These scammers will then try to get you to hand over remote access to your computer and trick you into installing real malware onto your device.
How to Protect Yourself
While phishers may be clever, devious, and unfortunately relentless, there are ways to spot a phishing scam and help keep your confidential information from falling into the wrong hands:
- Trust your gut: If an email feels fishy, it probably is. Beware of emails, text messages or phone calls from individuals or organizations you weren’t expecting. Be especially suspicious if an message asks you to click on an attachment or a link.
- Know your contacts: Remember that your bank, the government or a real business will never ask you for your password or PIN. And your uncle, co-worker or best friend likely isn’t asking for confidential details from you either.
- Look closely: Are there spelling or formatting errors in the email? Are they addressing you by name, or simply “Dear Customer.” If you hover your mouse over a link included in the email, does it look valid or relevant? These are some tell-tale signs an email is fake.
- When in doubt, take matters into your own hands: If you’re not sure if an email, text or phone call is legitimate, call the company directly (using a number you trust) and ask if they’ve been trying to reach you.
Become more Cyber-aware! Check out these tips for spotting scams and keeping yourself safe.
This article is intended as general information only and is not to be relied upon as constituting legal, financial or other professional advice. A professional advisor should be consulted regarding your specific situation. Information presented is believed to be factual and up-to-date but we do not guarantee its accuracy and it should not be regarded as a complete analysis of the subjects discussed. All expressions of opinion reflect the judgment of the authors as of the date of publication and are subject to change. No endorsement of any third parties or their advice, opinions, information, products or services is expressly given or implied by Royal Bank of Canada or any of its affiliates.