5 Ways To Avoid Phishing Scams

My wife got an e-mail over the weekend saying that her Citi Dividends credit card had been ‘restricted from use’ due to ‘suspicions about the address on file’.  It then gave the address on file.

It wanted her to immediately log into her account and was nice enough to give her a link to do so.

The entire e-mail looked legit.  Except that none of it was.

She had me go look at it, since I do all the work with our banks and credit cards and such.  I took one look at the e-mail and realized it was an attempt at phishing.  The link that was provided for logging in did not point to Citi’s website.  It pointed to a different site that I’m sure would have happily collected any login information we would have entered, and used it for illicit purposes.

My wife had gotten issued a new card because of potentially fraudulent exposure a few months back.  Based on the fact that they actually had our address, I’m wondering if that was the fraudsters trying to actually use the information they had gleaned as a way to get actual credit card information.

If you get an e-mail asking for information like this, make sure you protect yourself:

  1. Don’t act on any e-mails you get.  Call the number on the back of your card before clicking anything.  If there is an actual concern with your account, this will be flagged and you will be able to work through it.  Again, make sure it’s the number on the back of your card, not any one that you get in an e-mail.
  2. Check your information often. If anything ever looks out of place, you will know about it sooner if you check your balances regularly.  The longer duration that takes place between any fraudulent activity and you reporting it will potentially put you on the hook for more of it.
  3. Report any suspicious activity.  If you suspect a problem, let the company know.  They don’t want their name attached to any phishing scams, so they should work harder to ensure that the criminals are stopped.
  4. Look for overly personal information.   When I saw the e-mail, I was struck by two things: First, that they had the correct address but more importantly, that they actually included the address in the communication.  No financial institution should ever send out any personal information in an e-mail, and the fact that there was something there raised my ‘BS’ meter more so than if it wouldn’t have been there.
  5. Trust your hunch.  If something doesn’t seem right, trust your hunch and act accordingly.  Or another way to put it is: Don’t trust anybody but yourself.

Have you had any attempted phishing scams try to get your information lately? Did you shut them down?

7 thoughts on “5 Ways To Avoid Phishing Scams”

  1. I get these almost daily. I have learned to ignore them.

    I never click on email links unless I am expecting them. Even those from friends. Always call the number on your card, always!

    Great advice.

  2. wow it's scary how legit they can make these sites look nowadays!

    i try and remember not to link to anything in an email, but I'm not surprised when people get suckered in.

  3. If for some reason you think the notice might be legit (like I got one once while there was an actual investigation into fraudulent activity on my card) and you aren't able to call the number on the back of the card (say it was lost or stolen), still don't click on the link in the email.
    Instead, open another tab/browser window and go to your card's website like you ususally would. If the notification is legit, whatever they need done will still be linked to your account. This allows you to still do things online if you need to but prevents the phishers from getting your info.

  4. @Dr Dean – We haven't gotten them that often…yet…which is why they're alarming and they can catch you off guard.

    @Newlyweds – As I've heard said, the resemblance was uncanny 🙂

    @Shanendoah – Good point about what to do if your card is lost. Thanks for that tip!

  5. another thing you can do, if you'd like to help out your credit card company and other users, is to forward the email to the company's phishing/fraud department. Go directly to the company's website and search in their contact us/help section for what that email is. Then forward that fraudulent email to them. They pay people to research and take those sites down. I've even done this for phishy emails from "yahoo" and other sites I belong to with logins.

Comments are closed.