I recently received an email from a credit card company of whom I do business. I read the email twice and thought, 'would my credit card company really attempt to contact me using email? I don't think so.' Being the suspicious, skeptical person that I am, I called the credit card company using the phone number that is printed on the back of my card. And low and behold, my credit card company doesn't even have my email address on file. Imagine that? The service rep I spoke with said it happens so frequently now that the company doesn't even investigate these claims anymore. So, I thought I would research and share some helpful hints to protect us from becoming victims.
In my case, the email looked unbelievably accurate, with the company logo and even an email address that started with service and ended with the company name and dot com. The one thing that immediately drew my attention was the way some of the sentences were phrased. Everything was spelled correctly but reading the sentence aloud did not sound right (the reason for this I later learned was because the email probably originated out of the U.S. and English is their second language so the author did not phrase the email as an American would. In addition, the email asked me to click this specific, attached link to log into my account. That didn't sound right either. Thus, I wasn't fooled and neither should you. So, here are a couple helpful hints courtesy of the National Association of Federal Credit Unions:
Never respond to an unsolicited email that asks for detailed financial information: (In my case I did not click on the link but if I had I'm sure it would've sent me to a site that asked for my log-in, password, account number, date of birth or other identifying information. I've heard of other incidents where clicking the link took you to a site and asks just your username and password. When you enter it the next screen read something like, "I'm sorry but our system is down, try again later". Then you go about your day not knowing that your username and password were recorded and your account is being cleaned out).
Report anything suspicious to the proper authorities: (If after you believed you were scammed, or your account has been hacked, you should always report it to your local police department. As long as there is a monetary loss, or potential for loss, your police department is obligated to document the information and conduct an investigation. Most local departments are involved with state reporting agencies who track these types of cyber crimes. Even though most of these phishing scams are done across country lines, financial institutions are much more ready to assist you AFTER you've reported it to a law enforcement agency. In addition, you can put a fraud alert on your credit report by contacting all of the major credit bureaus: Equifax, Experian and Trans Union).
Contact the Internet Crime Complaint Center: This agency is a partnership between the FBI and the National White Collar Crime Center and can be reached at www.ic3.gov.
I hope these tips help and feel free to contact Suburban Security for a free consultation or for more information. Please review the below PDF courtesy of the Internet Crime Complaint Center. Thank You!
This Blog is written by Suburban's security experts, with contributions from industry experts. Nothing in these posts should be considered binding between the reader and Suburban's security team nor should it be considered legal advice. Just fun tips to help "Protect Your Most Valuable asset".