It’s the oldest online scam in your inbox: They send out an official looking e-mail. “Your password has expired,”  “Your account is in arrears,”  “Please verify a charge,” or some emergency that needs you ASAP.  These are the tricks “phishers” use to get you to click 1st and think 2nd. So how do you protect yourself from phishing schemes?

BE WARY OF E-MAILS WITH LINKS YOU DID NOT REQUEST

Very simply–if you see an official looking communication from your bank, credit card, Amazon or any entity, directing you to take action by clicking a link–don’t!  Click it, and the bad guys verify your existence.

COMPANIES DON’T ASK FOR PASSWORDS IN E-MAILS

Hackers are really good at creating phony e-mails that look like the real thing.  The company “will never ask you for your password in an e-mail or send you a password as an attachment.”  The same goes for the IRS, banks and other officials–if you’re under an audit, you’ll be notified by the US mail. You don’t need to sign into an account that’s probably bogus.

HOW TO SPOT A FAKE E-MAIL

Fake e-mails usually look spot on, but there’s often a typo, a mis-spelled word, a contact address that isn’t a google.com or amazon.com , but instead a webmail address. Perhaps you have a Wells Fargo account and get an email from: Wells Fargo Support. Looks legit, but would they use WellsFargoSupport@gmail.com   Not likely!  I have even seen domains registered close to the legitimate such as info@amazzon.com   Just a small misspelling could get your information compromised.

Many times the pages served by these links are not secure. They will show up as http:// instead of secure https:// The S stands for secure, by the way.

WHAT IF A FRIEND SENDS YOU AN E-MAIL WITH JUST A LINK?

Be wary, inspect it, ask the friend what the intent was before agreeing to click on the link. If it doesn’t seem legit, don’t be tempted, just delete it.  If the e-mail is from a company, and you’re addressed as “sir” or “madam” and not by your name, and you’re also asked to fill out a form, the smartest solution–don’t.

SMISHING: MOBILE MAKES IT HARDER

Smishing is a phishing scam that is sent over Short Message Service (SMS) Text message. It’s not just your inbox that they are after anymore.  Most texting fraud is an attempt to get your private information by responding by text.   They often use fear tactics to get you to respond hastily.  In an age where we live on our smart phones, these fraud attempts are smaller, harder to spot, and more frequent, so you’ll need to be that more diligent and take the time for inspection.

HOW TO RESPOND TO A COMPANY WE TRUST?

Google, Facebook, Amazon, Apple and other companies routinely ask us, via an e-mail, to update our passwords when we’ve forgotten them. Their pages look authentic, and they offer e-mails with links when we ask for a reminder. So why should I click their link when they send it to re-set the password? Because you requested it from the company.  If you’re worried and want to play it safe, skip clicking in any email and go straight to your browser. Most company websites let you change your password at their registered .com addresses, by going to the account section and opting for a new password.

Finally, it goes without saying, while I have your attention, that this is a great time to update your passwords with hacker proof collections of numbers, symbols, upper and lower-case letters. Stay away from hacker favorites like “password,” 123456″ the name of your street, default, or your pet’s name.

Long passwords from a pass phrase work well. “JimwasmyfavoriteCollegePal1” is an example of a strong password.  There are secure password manager programs such as Roboform, https://www.roboform.com/ that can also securely help you keep track of your passwords.

WHAT TO DO IF I GET IN TROUBLE?

Always act quickly when you come face to face with a potential fraud, especially if you’ve lost money or believe your identity has been stolen.

FBI – If a phishing scam rolls into your email box, be sure to tell the company right away. You can also report the scam to the FBI’s Internet Fraud Complaint Center at https://www.ic3.gov/

SEC – If the email purports to come from the Securities and Exchange Commission, alert the SEC by submitting a tip online at https://denebleo.sec.gov/TCRExternal/disclaimer.xhtml

FTC– If you think that your personal information has been stolen, visit the Federal Trade Commission’s feature on Identity Theft at www.consumer.ftc.gov/features/feature-0014-identity-theft for information on how to control the damage.