Learn to spot phishing scams

Author

Siena Wealth Advisory Group

For more information about the author, click to view their website: Siena Wealth Advisors

Posted on

Jul 22, 2023

Book/Edition

Florida - Southwest

Share This

Phishing attacks are phony communications designed to trick a person into giving a scammer sensitive or financial information, such as account usernames, passwords, credit card information and Social Security numbers.

Phishing attacks may appear to be from a legitimate business or trusted individual and can come in many forms – email, text message or phone call – so it’s imperative to understand the red flags associated with these malicious attempts.

 

Remember: If a message – whether it be email, text or phone – appears suspicious in anyway, don’t engage.

    Here’s how to better protect your account from these different types of phishing attacks:

    • Email phishing
    • Text message phishing
    • Voice call phishing

    Email phishing

    Email phishing refers to fraudulent emails that typically appear to come from trusted individuals or legitimate businesses such as financial institutions, insurance companies or retailers and often include seemingly authentic logos, look-alike email sender domains, as well as links or graphics that look genuine.

    Fraudsters engaging in email phishing may attempt to deceive you into downloading an attachment or clicking on a link within the message that will download malware onto your computer to illicitly obtain personal and financial information. These links may also redirect to legitimate portals, such as Microsoft Office, where they will ask you to enter your account credentials.

    What to watch for:

    • Sense of urgency. Phony phishing messages try to ‘bait’ you with an urgent situation requiring you to take immediate action. Watch for clickable links to ‘update’ or ‘validate’ personal information. Additionally, be cautious of any emails that appear to use current news events (like a natural disaster or geopolitical tumult) to solicit donations.

    • Spelling or grammatical errors. It’s rare for a well-known company to have spelling and grammatical errors.

    • Suspicious links. Be wary of links in emails. It’s always safest to go directly to the company website and log in to your account.

    Phishing email example
    Phishing email example

    What to do if you suspect an email is a phishing scam

    • Do not click on any attachments or links in the email, or take any action requested within the message.
    • If the email is sent to a work account, follow their protocol for reporting phishing attempts.
    • If the email is sent to a personal account, delete it and follow up with the purported sender directly. For example, if the sender appears to be a company, visit the company’s website directly to check on your account activity.
    • Log in to accounts using 2-Step Verification when possible.

    How to report email fraud or phishing to Ameriprise

    If you suspect you’ve received a fraudulent email from someone posing as Ameriprise, please:

    • Forward it to us immediately at: anti.fraud@ampf.com.
    • Do not remove the original subject line or change the email in any way when forwarding.
    • Watch for an auto-generated reply to let you know we’ve received your email. If we confirm the email is fraudulent, we will take appropriate action immediately.
    • If you provided your account information to a request you suspect may have been fraudulent, call us immediately at 800.862.7919.

    Text message phishing

    Text message phishing – also known as “smishing” – refers to fraudulent messages sent via text or through other mobile-friendly communication platforms, such as Instagram direct messages, WhatsApp or your LinkedIn mailbox. Like email phishing, scammers conducting text phishing attacks aim to steal their victims’ personal and financial information.

    What to watch for:

    • Fake email address. Most companies use a short code to send text alerts, not an email address. Emails may be from a look-alike domain and not a legitimate firm or company.
    • Suspicious links. The URL should include the company name and website domain (ameriprise.com, for example). Always be cautious of shortened URLs from services (bit.ly or tinyurl.com, for example).
    • Urgent or threatening message. Messages are written to try to ‘bait’ you with an urgent situation that requires you to take immediate action. If the text contains a threatening message, it’s probably a scam.

     

    Phishing text message example
    Phishing text message example

    What to do if you suspect a text phishing scam

    • Be wary of links sent through text messages.
    • If the text message seems suspicious, do not respond.
    • Visit company websites directly to check on your account activity.

    Voice call phishing

    Voice call phishing (also known as “vishing”) is when a fraudster attempts to deceptively extract an individual’s personal or financial information through a phone call.

    What to watch for:

    • Personal information requests. Ameriprise Financial, government agencies, and other bank and financial companies will not call you unexpectedly and ask you to provide personal information like passwords, account numbers, or Social Security numbers.
    • Remote access requests. Never give anyone remote access to your computer unless you have contacted them. Be wary of popups on your computer screen asking you to download software. Tech support from legitimate companies will not engage you this way
    • ‘Local’ phone numbers. Phone numbers can be spoofed. Be cautious of unfamiliar phone numbers even if they appear to be local.
    • Sense of urgency. Like in the case of email or text phishing, vishing messages try to ‘bait’ you with an urgent situation requiring you to take immediate action.
    Phishing tech support example
    Phishing tech support example

    What to do if you suspect a phone call is a phishing scam

    • Don’t answer. Let calls from unfamiliar numbers go to voicemail.
    • Block phone numbers on your mobile phone that call repeatedly for a fake business reason.
    • Be wary of links sent to you from the caller even if they seem like they are from a well-known company. Clicking links may allow the scammer to install spyware to your computer or device.

    How to report fraud

    If you suspect unauthorized activity on your account, call us immediately and contact your advisor.

    • Call 800.862.7919 and request to speak to a representative.
    • Mon-Fri 7 a.m. CT - 9 p.m. CT
    • Sat-Sun 7 a.m. CT - 7 p.m. CT

    We're committed to protecting your information

    At Ameriprise Financial, we’re committed to protecting your online security. Our efforts are backed by our Online Security Guarantee, which covers 100% of the value of losses in your Ameriprise® account(s) due to unauthorized online activity, if we conclude that losses were incurred from your account through no fault of your own.

    For more information about the steps you can take to help protect your account and personal information, review How you can protect yourself in the Ameriprise Financial Privacy, Security & Fraud Center.

    Other Articles You May Like

    Identifying Medicare Scams

    Research shows that seniors are common targets of scammers. One of the most common ways that criminals try to get information is through Medicare scam calls. In fact, your Medicare number is often more valuable for criminals than your social security number or credit card numbers/banking information.The caregivers at Gentle Shepherd Home Care in Colorado Springs can help you identify these scams. We offer a variety of in-home senior care services from companionship to medical care.In this article, well explain what you need to know about common Medicare scams.Does Medicare Ever Call Recipients?There are only two reasons that Medicare will ever call you, according to the Medicare website:Health/drug plan provider may call if you are already a member or the agent who helped you join may contact youCustomer service representative may contact you if youve left a message or received a letter stating that you will receive a phone callTop 7 Medicare ScamsFraudsters are getting smart with their scams. However, if someone calls you claiming to be from Medicare with the following pitches, its a scam.Your old Medicare card is invalid- you will be getting a new cardThis is one of the most common Medicare scams. The fraudster will inform you that in order to issue a new card, they will need your social security number and/or your Medicare card number.Truth: Medicare will not call you if there is an issue with your card. They will send a letter to arrange a phone interview.Your Medicare plan is about to be canceledThe caller will claim that in order to prevent your Medicare from being canceled, you will need to verify your current Medicare number, full name, address, banking information, birthdate, and social security number. This is also a common Social Security scam.Truth: Medicare representatives have your Medicare number on file- they will never ask for it. Additionally, Medicare representatives never ask for details such as your social security number to verity your identity.You are eligible for early access to vaccinationsThe COVID-19 pandemic spawned many pandemic-related scams such as being sent at-home testing kits or special access to vaccinations. These offers require that you provide information such as your Medicare number, social security number, and other personal details. Most of these start out as text messages or robocalls. The caller will offer you special access if you pay out of pocket.Truth: Medicare will never ask for you to pay out of pocket to get special treatment.You must confirm your appointment for genetic testingIn some cases, scammers will call offering free genetic testing to screen for a variety of health conditions. When you agree, they will steal your information and will bill Medicare for the test. In some cases, you may be sent an at-home test to complete along with a request for your information.Truth: Medicare will not call or send an at-home kit to offer you testing that you have not requested.You are eligible for free medical suppliesIf a scammer is aware of a specific health condition, such as diabetes, they may offer you free medical supplies or medications. They use this offer to get your Medicare number and other personal information as well as your credit card number so that you can pay for shipping. Your information will be used to over-bill Medicare.Truth: Medicare is not likely to call you to offer free medical supplies/medications. They will never ask for you to pay for shipping or provide financial information. Never pay for anything without seeing an invoice that can be confirmed with Medicare.You overpaid and are due a refundOne of the most common scams fraudsters use is to contact you via a phone call or text offering a refund on overpayment.Truth: Medicare will not call you to verify your personal financial information before issuing a refund. If you are due for a refund, a paper check will be sent out or it will be sent to the bank account on file.Youve been pre-approved for a cheaper/better planSome scammers will try to convince you that you are eligible for a cheaper/better plan than you are currently on. These are most common during open enrollment.Truth: Medicare will not call you without sending a letter first. You should never follow up on any unsolicited calls, visits from people claiming to be Medicare reps, or brochures.What to Do if You Are ContactedScammers can be persuasive, aggressive, and even threatening. However, its important to stay calm- they wont be able to do anything if you dont give them your information.Also, keep in mind that Medicare will not cold-call you. They will contact you via postal mail first to set up a phone interview.If you or a loved one is contacted by a fraudster:Never give out personal informationHang upReport the scam to MedicareWarn loved onesIf you or a loved one is in need of in-home elderly care, contact Gentle Shepherd Home Care in Colorado Springs. We offer a variety of services from simple companionship to medical care.

    Is Your Digital Legacy Up For Grabs?

    Ten years ago, Id never have thought about writing about digital legacy planning. But when I think about my digital assets (photos, documents, music, blogs, business records, etc.) and my digital accounts (emails, bank accounts, subscriptions, etc.), I know Ill want to provide for someone to handle them (1) in case I lack capacity to manage them, or (2) after I die.Think about it: the larger my digital footprint, the larger my digital legacy. While I am only on Facebook and LinkedIn, I imagine many readers are also on Instagram, Pinterest, Twitter, as well as dating, job search, and affinity websites. What happens to these accounts after one dies?Do I want to preserve or eliminate my digital presence? How do I get off of Facebook, LinkedIN, Instagram, Twitter, etc.?  For example, Facebook allows users in the US to designate a legacy contact who can take control of your account after their death. Few other social media do. Or do I want to remain there in perpetuity (as a zombie)? (One shocking statistic suggests that in 100 years, there will be billion dead people on Facebook). What about passwords, photos, emails, texts and business information that live on after I die? These, too, are part of this process. A durable power of attorney and/or a will or estate plan can designate a trustee or executor to access, modify, delete, and/or archive, your digital data. But she or he cant do this unless you have provided them the authority to do so and alist of your digital accounts and assets and how to access them.Most states have passed a version of the Uniform Fiduciary Access to Digital Assets Act, which allows a digital asset custodian to disclose digital asset information when requested by a fiduciary who needs access to the information to fulfill fiduciary duties.But heres the kicker: Who actually has the skill to manage our digital assets and accounts? Your spouse who is executor of your estate? Your brother who has power of attorney to make decisions for you if you lose capacity? I wonder. Digital legacy management may call for a new occupational specialty with a skill set not many of us possess.

    Dont Be a Victim of Cybercrime - What You Can Do to Avoid It

    Technology is constantly improving, which means that cybercrime is on the rise. As an agent, its more important now than ever before to protect yourself from the dangers of cyberspace. The National Association of REALTORS (NAR) has created a checklist that lists cybersecurity measures you can take to keep yourself and your business protected. Heres an overview of what it has to say.Email and Password HygieneYou most likely use your email and a variety of other services everyday to conduct business, which means that your accounts might contain a lot of personal and confidential information. Its easy to forget about securing your accounts when you access them day in and day out, but this is one of the most important steps you can take to protect yourself from cybercrime.According to NAR, your login credentials are especially important to protect. You should carefully guard login and access information to your email and any other service platform you use during the transaction, while also making sure that the usernames and passwords are different for each account. For example, if a hacker accesses one of your accounts, you dont want them to easily access any others using the same login information. In addition, your passwords should be long and complex, with a combination of letters, numbers and symbols that would be hard for any person or computer to guess. Finally, NAR recommends using two-factor authentication to give your accounts that extra level of security. This requires you to give two forms of identification to access your accounts so that hackers cant get in, even if they know your password.When it comes to general email hygiene, NAR recommends that you be careful with both the information you send and the information you receive. When sending emails that contain sensitive information, you should use encrypted email, a transaction management platform or a document-sharing program to protect your information from being easily stolen. If you receive an email that contains any unknown attachments or links, dont click on themthey could contain malware that infects your device. And whether youre on the sending or receiving end of an email, NAR recommends that you avoid doing business over unsecured wifi, where hackers can easily access your personal data. Other IT-Based Security MeasuresWhile its a good idea to secure each of your accounts, its equally important to protect your devices operating systems and software. NAR emphasizes that you should always keep antivirus software, firewalls, operating systems and programs active and up-to-date to receive the highest level of protection. Its also a good idea to regularly back up the data on your device. By doing this, it will be stored in a safe place in the case that a virus infects your device or someone hacks in and erases your information.Another way that NAR suggests securing your device is by avoiding any suspicious links or applications. If you receive a text message from an unknown sender that contains a link, dont open it or your information could be stolen. If youre downloading an app, make sure that its legitimate by researching it beforehand so that it doesnt breach your privacy or infect your system. And if you ever need an IT provider, work with an attorney to review their policies and contracts before allowing them access to any of your devices.Law, Policy and Insurance ConsiderationsSo far weve talked about some everyday measures you can take to improve your cybersecurity. But there are larger considerations you should also keep in mind to make sure that youre protected in the long-run. According to NAR, your attorney can help you develop a written disclosure warning clients about the possibility of cybercrimes resulting from their transaction. In this disclosure, you can recommend certain steps for sellers and buyers that will protect their personal information and finances. In addition to a disclosure, NAR recommends that you also develop policies relating to document retention and destruction, cyber and data security and breach notifications and responses. NAR believes that you should stay up-to-date on those documents and coverages you already havefor example, your insurance coverage. Ask your insurance agent about additional options you can add to your plan, such as cyber insurance and crime protection products. In addition, remember to stay up-to-date with your states laws regarding personal information, cyber and data-related business policies and other legally required security-related business practices. This will all help you and your clients stay protected and will save you time and stress in the long run.Its easy to put off the small steps that can protect you from cybercrime, but dont wait! Unfortunately, its only becoming more common in todays digital space. If you dont start protecting yourself now, you could be a hackers next victim at any moment. By implementing the items from NARs Cybersecurity Checklist, you can begin living with peace of mind that you and your business will stay protected.

    Local Services By This Author

    Siena Wealth Advisory Group

    Financial Advisor 999 Vanderbilt Beach Rd., Ste. 200, Naples, Florida, 34108

    At Siena Wealth Advisory Group we are passionate about helping you protect yourself and your family from the unexpected. That is why we take the time to get to know each and every one of our clients. We believe it is our duty, obligation and responsibility to help guide you to a more confident retirement. After all, you only get one retirement. We'll help you plan to get it right.At Siena Wealth Advisory Group it's not just financial planning, it's personal.