Identifying Fraudulent Email – Phishing and Spoofing
Email fraud, the most common methods being “phishing” or “spoofing,” involves a fraudster sending you an email that appears to be from a legitimate source (i.e., a government agency, a bank, an official business, a payment services company, etc.), in which you are asked to respond to an urgent need. The recipient opens the link(s), which takes them to a spoofed website that appears to be legitimate.
The fraudster is able to obtain personal information when the recipient email provides the information being requested.
Here are some important tips to help you identify a potentially fraudulent email and/or fraudulent website:
- Distorted or oddly sized logos are common in phishing emails. Always compare the logo in the suspicious email or website to the one on your statement, or call the company from whom the email purports to originate to confirm the legitimacy of the email request before responding.
- Square 1 and other legitimate financial services companies would not ask you to update your personal or sensitive data via email.
- Legitimate companies avoid broken graphics, grammatical errors, misspellings, and poorly written sentences.
- Assess the level of urgency presented by the email request. Short turnaround times could be designed to capture your personal information before you realize you have been compromised.
- Be wary of emails that are very vague and ask you to click a link for additional details. Never use the customer service contact information provided in the suspicious email and/or on the suspicious website to verify the request.
- Be suspicious of (i) an information gathering website that is not linked to a known home page for the company or (ii) a homepage that has an “under construction” message on it.
- Review the web address of the suspicious website to ensure that it has not been altered or has an added symbol. This usually indicates the website has been spoofed.
Email Safety Measures
- Do not: (i) reply to emails that ask for your account information, (ii) give your account information to phone solicitors, or (iii) provide your account, credit or debit card numbers online, unless you are on a website you trust. Square 1 will never ask you to update this information via email.
- Do not respond to emails (even those appearing to be from legitimate sources) that ask you to provide personal/confidential information such as login IDs and passwords, social security numbers, credit or debit card numbers, or other sensitive identification-related information. Legitimate financial companies do not gather this type of information via email.
- If you receive an email that warns you that your account will be closed or your online access will be terminated if you do not confirm your billing address, contact the company cited in the email using a phone number or website address that you know is genuine. Square 1 will never send you such an email.
- Delete emails that appear to be spam or contain suspicious or unexpected attachments, whether they are from known or unknown sources.
- Avoid completing online forms in unsolicited email messages asking for your personal financial information.
- Understand the methods that your financial services companies (i.e., your personal bank or brokerage firm) utilize when asking you to provide personal information. Square 1 will never send emails requesting personal information.
- Where possible, do business with companies that use a secure method to capture your information over the Internet. To verify that your session is secure, look for “https:” instead of “http:” in the URL address line, as well as the padlock icon to confirm the page is secure.
If you are the victim of fraud, contact your local law enforcement agency and Square 1 immediately.