Phishing attacks use email or malicious websites (reached by clicking on a link) to collect personal and financial information or to infect your machine with malware and viruses.
Protect Yourself with these STOP. THINK. CONNECT. Tips:
- When in doubt, throw it out: Links in email, tweets, posts and online advertising are often how cybercriminals try to compromise your information. If it looks suspicious, even if you know the source, it’s best to delete or, if appropriate, mark it as junk.
- Think before you act: Be wary of communications that implore you to act immediately, offer something that sounds too good to be true or ask for personal information.
- Make your password a sentence: A strong password is a sentence that is at least 12 characters long. Focus on positive sentences or phrases that you like to think about and are easy to remember (for example, “I love country music.”). On many sites, you can even use spaces!
- Unique account, unique password: Having separate passwords for every account helps to thwart cybercriminals. At a minimum, separate your work and personal accounts and make sure that your critical accounts have the strongest passwords.
- Lock down your login: Fortify your online accounts by enabling the strongest authentication tools available, such as biometrics, security keys or a unique one-time code through an app on your mobile device. Your usernames and passwords are not enough to protect key accounts like email, banking and social media.
How Do You Avoid Being a Victim?
- Don’t reveal personal or financial information in an email, and do not respond to email solicitations for this information. This includes following links sent in email.
- Before sending sensitive information over the Internet, check the security of the website.
- Pay attention to the website's URL. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com versus .net).
- If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Contact the company using information provided on an account statement, not information provided in an email.
- Keep a clean machine. Having the latest operating system, software, web browsers, anti-virus protection and apps is the best defense against viruses, malware, and other online threats.
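The URL checks in the list above (a variation in spelling, a different domain ending, an unsecured connection) can also be automated. The following is an added example, not part of the original guidance: the trusted list and sample links are constructed, and the two-label domain split is a simplifying assumption.

```python
from urllib.parse import urlsplit

# Constructed allow-list: the sites you actually do business with.
TRUSTED = ("example.com",)

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registered_domain(host):
    """Last two labels of the host name (assumption: production code
    should consult the Public Suffix List for endings such as .co.uk)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def check_link(url, trusted=TRUSTED):
    """Return (verdict, reason) for a link before sensitive data is entered."""
    parts = urlsplit(url)
    domain = registered_domain(parts.hostname or "")
    if domain in trusted:
        if parts.scheme != "https":
            return ("warn", "trusted domain, but the connection is not HTTPS")
        return ("ok", "matches trusted domain " + domain)
    name = domain.split(".")[0]
    for good in trusted:
        good_name = good.split(".")[0]
        if name == good_name:
            # Same name, different ending (for example .com versus .net).
            return ("suspicious", "same name as " + good + ", different ending")
        if edit_distance(name, good_name) <= 2:
            # One or two characters off: a likely spelling variation.
            return ("suspicious", "spelling is close to " + good)
    return ("unknown", "not on the trusted list; verify before continuing")

if __name__ == "__main__":
    for link in ("https://www.example.com/account", "http://example.com/",
                 "https://example.net/account", "https://examp1e.com/account"):
        print(link, "->", check_link(link))
```
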
For more information on phishing scams and other ways to stay safe online, visit StaySafeOnline.org.
Every year, thousands of people lose their money and personal information to telephone scams. Typically, phone scammers will try to sell you something you hadn't planned to buy and will pressure you to give up personal information, like your credit card details or Social Security number.
Common Phone Scams
In telemarketing fraud, phone scammers will often use exaggerated—or even fake—prizes, products, and services as bait. Some may call you, but others will use mail, text, or ads to get you to call them for more details. Types of phone scams include:
- Travel packages - "Free" or "low-cost" vacations can end up costing a fortune in hidden costs.
- Credit and loans - Popular schemes include advance fee loans, payday loans, and credit card loss protection.
- Fake business and investment opportunities - As business and investing can be complicated, scammers take advantage of people not researching the investment.
- Charitable causes - Many phone scams involve urgent requests for recent disaster relief efforts.
National Do Not Call List
Avoid phone scams by registering your home and cell phone numbers with the National Do Not Call Registry or by calling 1-888-382-1222. This national registry was created to offer consumers a choice regarding telemarketing calls. Most legitimate companies don't call if your number is on the registry. If a company is ignoring the registry, there’s a good chance that it’s a scam. If you get these calls, hang up.
Report Telephone Fraud
If you believe you have been a victim of a telephone scam or telemarketing fraud, you can file a complaint with the Federal Trade Commission (FTC) online or by phone at 1-877-382-4357.
Scam artists use different types of fraud to try to trick people out of their money. Two common types of fraud are banking scams and investment scams.
Popular banking scams include:
- Fake check scams, where a scam artist creates counterfeit checks that look legitimate, with watermarks, routing numbers, and the names of real financial institutions. They then try to deposit them in banks, use them as part of other frauds against consumers, or use them to pay companies for products or services.
- Unsolicited check fraud, where a scammer may send you a check that you didn't have a legitimate reason to receive. Unfortunately, if you cash it, you may be authorizing the purchase of items you didn't ask for, signing up for a loan, or something else you didn't ask for. The Federal Trade Commission offers tips to help you avoid being a victim of these scams, and recommends what to do if you have been a victim.
- Automatic withdrawals. A company sets up automatic withdrawals from your account that you didn’t approve.
- Phishing. Email messages that ask you to verify your bank account number or debit card PIN. By clicking on the link or replying to the email with your account number, you are giving a scammer access to your financial accounts.
Investment scams prey on your hope to earn interest or a return on investment on the amount of money that you invest. The Securities and Exchange Commission (SEC) offers overviews of many common investment frauds, and tips to avoid being a victim.
If you are the victim of an investment fraud, you can file a complaint with the SEC or with your state's securities administrator.
For more information and to learn how to report scams and financial fraud, visit usa.gov.
The IRS urges tax professionals to take the following steps to help protect themselves from remote takeovers:
- Educate staff members about the dangers of phishing scams, which can be in the form of emails, texts and calls, as well as the threat posed by remote access attacks;
- Use strong security software, set it to update automatically and run a periodic security “deep scan” to search for viruses and malware;
- Identify and assess wireless devices connected to the network, including mobile phones, computers, printers, fax machines, routers, modems and televisions. Replace factory password settings with strong passwords.
- Strengthen passwords for devices and for software access. Make sure passwords are a minimum of eight digits (more is better) with a mix of numbers, letters and special characters;
- Be alert for phishing scams: do not click on links or open attachments from unknown, unsolicited or suspicious senders;
- Review any software that employees use to remotely access the network as well as those used by IT support vendors to remotely troubleshoot technical problems. Remote access software is a potential target for bad actors to gain entry and take control of a machine. Disable remote access software until it is needed.
For more information you can visit irs.gov.