In today’s digital age, phishing scams have become one of the most common and insidious threats to personal security. Phishing involves cybercriminals attempting to trick individuals into revealing sensitive information, such as passwords, credit card numbers, or social security details, often by masquerading as trustworthy entities. These scams can occur online through emails and websites or over the phone via calls and text messages. The good news is that with awareness and a few proactive habits, you can significantly reduce your risk. Let’s explore practical strategies to avoid phishing scams in both realms.
Understanding Phishing: The Basics
Phishing attacks exploit human psychology, relying on urgency, fear, or curiosity to prompt hasty actions. Scammers often impersonate banks, government agencies, tech companies, or even friends and family. According to cybersecurity reports, phishing accounts for a large portion of data breaches worldwide. Recognizing the signs is your first line of defense: unsolicited requests for personal information, suspicious links or attachments, and poor grammar or formatting in communications.
Avoiding Online Phishing Scams
Online phishing primarily targets email, social media, and websites. Here’s how to fortify your defenses:
- Scrutinize Emails and Messages
  - Verify the Sender: Always check the email address or sender’s profile. Legitimate companies use official domains (e.g., support@bank.com, not bank-support@gmail.com). Hover over links with your mouse without clicking to reveal the true URL.
  - Avoid Clicking Unsolicited Links or Attachments: If an email urges you to “update your account” or “claim a prize,” delete it. Instead, visit the official website directly by typing the URL into your browser.
  - Enable Two-Factor Authentication (2FA): This adds an extra layer of security. Even if scammers get your password, they can’t access your account without the second verification step.
- Use Security Tools
  - Install Antivirus Software: Programs from reputable providers can help detect and block phishing attempts in real time.
  - Browser Extensions: Ad blockers and anti-phishing extensions that warn about malicious sites can help identify risky pages.
  - Keep Software Updated: Regularly update your operating system, browser, and apps to patch vulnerabilities that phishers exploit.
- Be Wary on Social Media and Websites
  - Don’t Share Personal Info Publicly: Scammers scrape profiles for details to craft personalized attacks.
  - Spot Fake Websites: Look for “https://” and a padlock icon in the address bar. Typosquatting (e.g., amzon.com instead of amazon.com) is a common trick.
  - Report Suspicious Activity: Platforms like Gmail and social media sites have reporting features for phishing.
Avoiding Phone-Based Phishing Scams
Voice phishing, sometimes called vishing, involves fraudulent calls or texts designed to extract information verbally. These scams often create panic, claiming issues like tax debts, account suspensions, or family emergencies.
- Handle Unsolicited Calls with Caution
  - Don’t Answer Unknown Numbers: Let calls from unfamiliar numbers go to voicemail. Legitimate callers will leave a message.
  - Never Share Sensitive Information Over the Phone: No reputable organization will ask for your full social security number, passwords, or credit card details unsolicited. If in doubt, hang up and call back using a verified number from their official website.
  - Recognize Red Flags: Scammers use caller ID spoofing to appear legitimate. Listen for high-pressure tactics, threats like “Your account will be frozen”, or requests for payment via gift cards or wire transfers. These are classic hallmarks of fraud.
- Manage Text Message Scams
  - Ignore Unexpected Texts: Texts with links claiming “package delivery issues” or “bank alerts” are often phishing. Delete them without clicking.
  - Block and Report: Use your phone’s built-in features to block numbers and report spam to your carrier.
  - Opt for App-Based Verification: Use authenticator apps instead of SMS for 2FA, as texts can be intercepted.
- Additional Phone Protections
  - Register for Do Not Call Lists: In the US, add your number to the National Do Not Call Registry to reduce telemarketing calls, though scammers often ignore it.
  - Use Call-Blocking Apps: Apps from your phone’s app store can screen and block suspected scam calls automatically.
General Tips for Comprehensive Protection
- Educate Yourself and Others: Stay informed through resources like the FTC’s website or cybersecurity blogs. Share knowledge with family, especially vulnerable groups like the elderly.
- Monitor Your Accounts: Regularly check bank statements and credit reports for unauthorized activity. Services like credit freezes can prevent identity theft. Alternatively, you can use credit monitoring services to notify you when an account is opened. Some credit card providers now make this service available for free.
- Create Strong, Unique Passwords: Consider using a password manager to generate and store complex passwords.
- If You’ve Been Targeted: Change passwords immediately and notify any affected institutions.
Phishing scams evolve constantly, but the principles of caution and verification remain timeless. By adopting these habits, you can navigate the digital world with more confidence. Remember, if something feels off, it often is. Trust your instincts and take a moment to verify the authenticity of unknown contacts.
About the Author
Joseph M. Favorito, CFP® is a Certified Financial Planner® as well as the founder and managing partner at Landmark Wealth Management, LLC, a fee-only SEC registered investment advisory firm. He specializes in helping individuals and families develop comprehensive financial strategies to achieve their long-term goals.