Most people have heard of “phishing” schemes, where fraudsters send fake emails to trick recipients into sharing private or financial information and then use the information to commit fraud. Years ago, the Nigerian prince phishing schemes lured many people into giving up their bank account numbers. Although people have learned to ignore and delete emails from supposed Nigerian royalty, businesses and consumers are wise to be alert to new forms of phishing and other malicious email schemes.
A new twist
A new twist on phishing is one in which a fraudster sends a fake email to an employee that looks like a legitimate message from the company’s financial institution. The fraudster has figured out where the company banks by obtaining the bank routing number from a legitimate check or a bank identification number (BIN) for a credit card. The scammer creates an email banner and format similar to a legitimate message from the bank. The phishing email usually directs the employee to click on a link to a fake website the fraudster has established, one that mirrors the bank’s legitimate website. The fake email requests the employee to log in and conduct a transaction or provide other private account information.These fake websites can be deceiving, as they are usually very similar to the bank’s actual website for commercial online banking. The phishing email address also may be very similar to a legitimate bank email address, making these schemes hard to detect.
Phishing emails often play on the recipient’s emotions by wording the message to cause alarm, such as claiming that a bank account or credit card has been compromised. They also may contain attachments, photos, pdf files or Microsoft documents that can trigger malware or infiltrate a company’s computer system when opened.
Phishing emails often play on the recipient’s emotions by wording the message to cause alarm, such as claiming that a bank account or credit card has been compromised. They also may contain attachments, photos, pdf files or Microsoft documents that can trigger malware or infiltrate a company’s computer system when opened.
Fraudsters usually try to gather as much private information as possible through phishing schemes to build and supplement personal and corporate profiles. They look for private information such as user login name, password, date of birth, Social Security number, bank account numbers, email address, phone number, credit history and personal content found on Facebook, LinkedIn and other social media accounts.
Phony texts
Phishing schemes that use texting are increasing as well. A fake text message may indicate a credit card has been compromised and give directions to call a certain phone number. If the recipient does so, the “customer service” representative is actually a fraudster who will attempt to collect and “verify” login name, password, account number, Social Security number and other private information.Protect your business
To protect your business against phishing schemes, Fifth Third Bank makes these recommendations:- Understand the type of alerts or messages your bank will typically send to you or your company. If a new type of message appears, be suspicious and contact your bank. Check the email address for typos or unusual spellings.
- Be aware of where a web link may direct you. Hover your mouse cursor over the link and check the website address to see if it matches the site you normally use.
- Know what your bank’s website normally looks like. If you click through on a link, look for misspellings or grammatical errors in the text, or logos that are out of focus. If something seems unusual about the website, be suspicious and contact your bank through normal channels (by phone or known website access).
- Do not use the link provided in an email if anything about the request seems suspicious. Instead, log in to your online banking account using the address you typically use.
- Remember that the bank will never ask you to provide your Social Security number or full date of birth for verification. Do not provide this information on a website, through an email or by phone unless you initiated the call.
- Practice good digital hygiene: Keep anti-virus and malware protection software up to date, use an updated browser and apply all patches. Secure access to company laptops, tablets and personal computers. Do not use the same user name and password for your bank that you use for other sites, especially social media sites.