Understanding and Avoiding Phishing Scams

Phishing scams are nothing new in the world today, and with advancements in technology growing exponentially, it’s no surprise that scams of all types are increasing in their sophistication and quantity. While many of them have relied heavily on scare tactics and providing vague “details” to target victims, nowadays the challenge in spotting them often lies in their extreme details. Stay safe against today’s common scams as you enter the new year—and year-round—with the following information and suggestions.

What Is Phishing?

According to the FTC, “Phishing is when a scammer uses fraudulent emails or texts, or copycat websites to get you to share valuable personal information such as account numbers, Social Security numbers, or your login IDs and passwords. Scammers use your information to steal your money, your identity or both.”

In short, if you are hesitant about the legitimacy of any communication you’ve received, it’s possible it is a phishing scam. If you’re a BxB Media client and unsure about some of the communication you’ve received, we recommend contacting your web coach directly for assistance recognizing and handling possible scams. Not a client? Contact us here to learn more.

Below are some common example of scams found today impersonating some of the internet’s most popular companies and common accounts.

1. IRS SCAMS

What They Look Like

IRS scams can take the form of emails, calls, letters, unsolicited faxes, fake websites, and texts. Scammers try to lure victims into providing personal and financial information. In some cases, they may already have some information, such as the last four digits of a victim’s social security number. In other cases, scammers might threaten victims with legal action and follow up a scam call impersonating the IRS with another call impersonating the DMV (threatening to revoke driving privileges) or the local police (threatening jail time).

What You Should Know

What the IRS States: irs.gov states: “The IRS doesn’t initiate contact with taxpayers by email, text messages or social media channels to request personal or financial information. This includes requests for PIN numbers, passwords or similar access information for credit cards, banks or other financial accounts.”

College Students are a New Target
While these scams have been pretty generic over the years —claiming people owe money to the IRS and must take immediate action—more recently these scams have been targeting people with college loans.

What You Can Do

In any case, when you suspect malicious or suspicious activity, it’s best to go directly to the source. Irs.gov provides a great deal of information on specific scams they know of, warning signs, and how to handle and report them. You can also call the IRS directly to speak with someone about any action that needs to be taken, if any.

Understanding how the IRS contacts taxpayers (and does not contact taxpayers) will help you determine the legitimacy of a message you’ve received. You can visit their Report Phishing and Online Scams page here for more information on how to identify and report a scam.

2. GOOGLE SCAMS

What They Look Like

Google provides fourteen specific examples of Google scams here. Some of them include Google telemarketing or listing scams, Google account recovery scams via SMS Messages, and Google AdWords Impersonation Scams.

What You Should Know

Google is very deliberate in their communication. Scammers often use the Google brand (such as the logo, artwork, etc.) to recreate fake documents and emails. Sometimes these scams connect Google to things with which they have no association, such as lotteries and vehicle purchases. It’s details like those, and small details within the scams, that often give them away such as bogus phone numbers, typos, fake or inaccurate account information, and more.

What You Can Do

Google provides important information on what you can do if you believe you have been targeted by a Google scam. Here are a few common scenarios:

When it comes to Google Telemarketing Calls, Google states that they do not place robocalls, they do not call to “update your front page listing” or ask you to “claim your free website,” and they do not charge for inclusion in Google Search or Google My Business. This also applies to Google Maps and SEO scams. Google provides more information on these scams here.

Regarding Account Recovery Scams via SMS Messages, Google instructs going directly to your Google account security settings and reviewing your recent activity. From there, you can confirm that no one unauthorized has access to your account.

They also state that they “will not send you a text message that asks you to respond by text or phone call to verify your identity if your account has been compromised,” providing the following example of a scam SMS message:

Google Message #42132: Your Gmail has been compromised by hackers. Google needs to call you to verify your identity. Text back with ‘READY’ when you are ready to recieve this call.

This scam SMS message includes a fake message number, mentions hackers specifically, states they need to call to confirm your identity, and there is a typo at the end – “recieve” instead of “receive.”

Do not respond to messages like this. Contact your cell phone carrier directly to find out how to forward them to their spam reporting number. For more information on Google SMS message scams, visit Google’s resource page here.

Adwords Impersonation Scams most often ask users to make a change to their bank account details and billing information. For these and many Google scams, scammers use Google letterhead and other artwork to disguise their work as authentic.

If you receive an email claiming to be an AdWords invoice or request for a change of information, log in directly to your account and review your invoice there. The transactions page in your account will allow you to search for and view your invoices, providing you with available payment options, and list Google’s banking information at the bottom of the page. For more information directly from Google, read their documentation on AdWords impersonation here.

3. AMAZON SCAMS

What They Look Like

Phishing emails don’t always come from companies that victims are associated with. A common Amazon scam is a fake order confirmation email asking for personal and financial information. These emails look like they are from Amazon, but are not real. They often lead to websites other than Amazon and usually contain typos and inaccurate information.

What You Should Know

Email scams like this intend to catch victims off guard. For victims with Amazon accounts, it’s common that they won’t catch the fake email and will follow the instructions in the email they receive simply because it seems to come from a trusted source that they use often.

For victims without an account, the activity seems to be an error and often makes people nervous. Instead of going directly to the source, they believe they can solve the issue through the link they received in the bogus email and fall victim to the scam.

What You Can Do

If you do not recognize a purchase listed on an order confirmation email, it is likely a scam. Again, do not click on any links in the email. Instead, go directly to Amazon and confirm your account and order activity. Amazon provides a resource on their website to help you identify whether or not an email or webpage is from Amazon, how to report phishing and spoofed email scams, and additional information on avoiding payment scams. You can visit that page here.

IN THE END

If something feels “off” about communication you’ve received—whether that be a text, email, phone call, fax, letter, or other method—there are resources to help you stay safe. These are just a few examples of the many scams that exist today.

Our web coaches can assist you in navigating the complexity of today’s online world, including helping you to recognize scams and advising you on steps to take. Contact us here to get started.