How to help protect yourself from phishing
Keeping your financial accounts and information safe is critically important to us. That’s why we’re proactively advancing our security and continually investing in account safety measures, such as strong encryption software and ongoing monitoring of suspicious activity.
We also want to help you avoid fraudulent schemes. Email and text message scams, known as phishing, can be difficult to distinguish from legitimate messages. They may impersonate a reputable company and include an urgent request for you to update your information, secure your account, verify your identity, or confirm a transaction. You may be prompted to call a phone number, sign on to a fraudulent website, or respond with personal or account information. Learn how to detect and report suspicious email and text messages, also known as ‘SMS phishing’ or ‘smishing’, that appear to be from your bank.
What is phishing?
Phishing is usually a two-part scam involving an email or text message containing links to a fraudulent website requesting sensitive information such as username, password, and account details. Once obtained, your personal and financial information can be used to access your account and steal money.
How to recognize a phishing email
Phishing emails are becoming more sophisticated and difficult to distinguish from legitimate emails. By impersonating a reputable company’s communications, these emails tend to use clever and compelling language, such as an urgent need for you to update your information or communicate with you for your security. To spot a phishing email, look for a combination of red flags. In this example, notice:
1. Non-bank email address: The email address of the sender does not include the wellsfargo.com domain name, instead using something like “comcast.net”: WellsOnlineBank2@comcast.net.
2. Urgent call to action: The email includes an urgent request in the subject line and message copy, such as “for your protection and for security reasons.” Phishing emails may also contain extra spacing or unusual punctuation in addition to other red flags.
3. Suspicious URL: The email contains a link to a non-Wells Fargo URL, which could be a fraudulent website. If you’re using a laptop or desktop computer, you can check a link’s URL by hovering over it with your cursor, and the URL will show in your browser window.
How to recognize smishing
Phishing texts use similar techniques as phishing emails: a sense of urgency to secure your account or verify your identity, using words like “locked,” “deactivated”, or “for your protection” to describe your account status. These texts may prompt you to call a phone number, click on a link, or respond directly with personal or account information. To spot a phishing text, look for a combination of red flags. In this example, notice:
1. Suspicious sender: The text was sent by an unknown phone number, instead of one of Wells Fargo’s official short codes: 93557, 93733, 93729, or 54687.
2. Unusual text treatments: The text message contains a combination of unusual text treatments, including all caps, arrows, ID numbers, and an exclamation point.
3. Unprompted identity request: The request to verify the recipient’s identity was unprompted. Wells Fargo will request to verify your identity via access code only when prompted by an action that you have initiated, such as signing on to online banking or sending money.
What you can do to help protect yourself
• Don’t click on links, open attachments, or respond to unexpected emails or text messages from suspicious or unknown senders.
• Don’t share your online banking password with anyone.
• Don’t sign on to your account from a link in a suspicious message. Access a company’s website by using a reputable search engine or typing the entire URL into your browser. For Wells Fargo, type https://wellsfargo.com or use the Wells Fargo Mobile® app.
If you receive an unexpected request for information from your bank
Verify it by calling the number on the back of your debit or credit card. For more information on how to spot and report suspicious emails or text messages that appear to be from Wells Fargo, go to https://wellsfargo.com/nophishing.
This blog was provided by Wells Fargo, generous supporters of our Safe School Institute.
Posted by on 17 Mar 2020