Q: I received an email from my bank asking me to confirm a recently added email address. The email looked legitimate enough, however I know for a fact I did not add any email addresses. Looks like a scam, what does BBB suggest doing in a situation when someone receives an email like this? I reported this email to my bank, what other steps should I take?
A: Phishing emails are very common nowadays and unfortunately are becoming very sophisticated. Unlike several years back when phishing emails had obvious grammar mistakes, spelling errors and blatant third-party links, the latest wave of phishing email attacks is anything but obvious. Scammers learned to mimic the look and behavior of legitimate company emails. They take time to mask fraudulent links, make emails brand compliant and appear to look and feel official.
How the scam works
Con artists have a creative array of cover stories to disguise their true intentions and they utilize several channels to get to their victims. When it comes to phishing emails, scammers typically use one of three methods to fool their victims. First method is a promise of a reward such as a gift card, free item, free trip etc. A second tactic scammers use is threatening punishment for something like unpaid taxes, missed jury duty, or threatening to deactivate a bank account for whatever reason. The third way appears to be very generic, could be as mundane as receiving a file from the office scanner or like in your case; a regular customer service email which might even spark appreciation from the patron for such a great customer service.
After receiving a phishing email the intended victim will be urged to download something, in most cases hidden malware, or click on a link which frequently leads to a form prompting the target to enter personal information. This typically results in identity theft, compromised financial accounts and loss of finances.
▪ If something sounds suspicious, confirm it by calling the company or checking the company website. Type the URL directly into your browser
▪ Don’t click on links in unsolicited emails. Links can download malware onto your computer, compromise personal information and in case of ransomware, render your computer useless in hopes that you will pay money to have it released
▪ Be cautious of generic emails. Scammers try to cast a wide net by including little or no specific information in their fake emails. Always be wary of messages that don’t contain your name, last digits of your account number or other personalizing information
▪ Never share your personal information with someone who has contacted you unsolicited. Personal information can include your date of birth, credit card or banking information, address or your Social Security number
▪ If you receive an email that looks suspicious, report the scam to BBB using BBB Scam Tracker: bbb.org/scamtracker/us.
Action Line is written by Blair Looney, president and CEO for the Better Business Bureau serving Central California. Send your consumer concerns, questions and problems to Action Line at the Better Business Bureau, 2600 W. Shaw Lane, Fresno, CA 93711 or email@example.com.