Phishing, Smishing, Vishing, and QR Code Fraud: Four Digital Deceptions
Scammers love to use social engineering to manipulate individuals by pretending to be your bank or trusted merchant to steal sensitive information. Whether you are using online or mobile banking, or just browsing the web, it’s important to shine a light on types of digital fraud to help you recognize the warning signs before it’s too late.
Phishing
Phishing happens when you get fake emails that look real, asking you to click on a link or log in to your account. Spot phishing emails by looking for these common red flags:
The sender’s email looks off
- It may look similar to a real company but may be slightly altered.
- It could come from a generic email address (ex. Gmail, Outlook, Yahoo) instead of an official domain.
Urgent language
- phrases like “your account will be suspended”, “immediate action required”, or “last warning”. These emails usually contain a sense of urgency because the scammer wants you to act fast without thinking.
Unexpected links or attachments
- Attachments you didn’t ask for such especially .zip, .exe, and .pdf files are known to contain virus and malware when clicked on and downloaded.
- Hover over links before clicking to view the URL destination. If the URL is mismatched or misspelled, it’s suspicious. Some apps and websites are made to look like your banks’, but they are traps to get you to enter your login credentials.
Personal information requests
- Organizations should NEVER ask for passwords, full card numbers, PINs, or SSN via email.
- Be wary of emails requesting you to “verify” information by clicking a link.
- Use a different password for every account and app. Set up an app-based 2-factor authentication for additional security.
Spelling and grammar mistakes
- Many phishing emails contain typos, or bad grammar. A professional organization rarely sends emails with incorrect grammar and spelling.
Protect yourself: Don’t click on links or download attachments unless you’re 100% sure of its authenticity. Don’t reply to the email or give out personal information. Verify by contacting the organization directly through official channels.
Smishing
Smishing is similar but uses SMS text messages to lure you into visiting fraudulent websites or installing malicious apps. Pay close attention to suspicious sender numbers such as unofficial short codes, fake full-length contact numbers, or spoofed contact names.
Protect yourself: scammers can spoof phone numbers just like email addresses. If unsure, do not click any links and verify the content by heading to the trusted site directly for trusted information and contact information.
Vishing
Vishing (voice phishing) is phone calls claiming to be from your bank or tech support trying to get access into your account.
Some of the common vishing calls people receive:
- Calls claiming there is suspicious activity within your bank account and they need to verify your identity to get access to account information
- What they want: Account number, card number, PIN, or one-time password (OTP)
- Tech support claiming they need access to your computer to fix an error
- What they want: Remote access to your computer to steal data or install malware
- Family emergency claiming a family member is in trouble and needs money quickly and wants funds wired
- What they want: Wire transfer or gift cards
- Calls claiming you won a prize or lottery, but they need a small fee in order for you to claim it
- What they want: Wire transfer of the “fee” or card information
- Loan or grant offer claiming you’ve been approved and needs your banking information to deposit the funds
- What they want: Access to your banking account or card information for “processing fees” or “transfers”
- Calls claiming to be a government or tax agency claiming you owe taxes and need to pay immediately or face arrest
- What they want: Your SSN, payment via wire transfer, or gift cards
Protect yourself: Never share passwords, PINs, or OTPs over text, email, or phone call even if it sounds urgent.
QR Code Scams: Inspect Before You Scan
Not all QR codes are safe. Scammers use fake or altered QR codes to send you to a fake website designed to steal login information, credit card numbers, and/or personal data. Some QR codes when scanned download a file or app that contain malware or spyware. Fake QR codes are commonly found in public places (restaurants, outdoor signage, parks, etc.), emails or texts from unknown senders, fake invoices or bills, or the outside of ATMs or self-service kiosks.
Protect yourself: Look for tampering like a QR code sticker placed over the original QR code. Inspect documents for authenticity. Review the QR code link before clicking.
Stay Secure: How to Protect Your Accounts Online
As technology continues to evolve, so do the tactics of scammers. Whether it’s through text, phone, email, or QR codes, fraudsters are constantly looking for new ways to scam. By staying alert and watching for red flags such as unfamiliar senders, urgency and unknown links, you can protect yourself from many types of scams before they begin. Remember to always double-check before clicking, downloading, or sharing personal information.
Card Command: Monitor and manage your cards with Card Command all within Mobile Banking
Manage your finances while guarding against fraud. Del-One FCU offers Card Command; a great tool with many services to help keep your accounts secure.
• Turn your debit and credit cards on and off
• Establish transaction controls for dollar amount limits, merchant categories and geographic locations
• Get 24/7 support for lost or stolen cards
• Receive alerts when your cards are used, approved or exceed the transaction controls set by you
• Stay informed of potential fraud with alerts on attempted and declined transactions
Get started today!
From the Mobile Banking app, go to More>Tools>Card Command and follow the prompts to easily install the Card Command app
