A 90-second read by the Baron Team: Because we have personally seen several recent phishing emails claiming to be from Amazon, Chase Bank, Capital One, the IRS, among others, we felt it was important to remind everyone to be aware of fraudulent emails and phone calls asking for personally identifiable information. It is key to remember that you will never receive an email or a phone call, from the IRS or your bank, asking for your social security number or account number. Always assume this is a fraudulent call or email and do not give out any sensitive information.
According to the Federal Trade Commission (FTC), a phishing email often presents itself with a claim that there is an issue with your account or that payment details need to be updated along with a link they want you to click on to make payment. Please read the following for more helpful information regarding phishing scams.
This blog was originally posted on March 1, 2018 and updated on January 22, 2020:
Below, please find some phishing-scam tips provided by the National Association of Personal Financial Advisors (NAPFA). Baron Financial Group is a proud Fee-Only NAPFA firm, committed to providing financial education. To learn more about NAPFA, visit napfa.org.
- Be cautious about opening attachments or clicking on links in emails. Even your colleague or friends' accounts could be hacked. Files and links can contain malware that can weaken your computer's security.
- Do your own typing. If a company or organization you know sends you a link or phone number, don't click. Use your favorite search engine to look up the website or phone number yourself. Even though a link or phone number in an email may look legitimate, scammers can hide the true destination.
- Make the call if you're not sure. Do not respond to any emails that request personal or financial information. Phishers use pressure tactics and prey on fear. If you think a company, friend or family member really does need personal information from you, pick up the phone and call them yourself using the number on their website or in your address book, not the one in the email.
- Turn on two-factor authentication. For accounts that support it, two-factor authentication requires both your password and an additional piece of information to log in to your account. The second piece could be a code sent to your phone, or a random number generated by an app or a token. This protects your account even if your password is compromised. As an extra precaution, you may want to choose more than one type of second authentication (e.g. a PIN) in case your primary method (such as a phone) is unavailable.
- Back up your files to an external hard drive or cloud storage. Back up your files regularly to protect yourself against viruses or a ransomware attack.
- Keep your security up to date. Use security software you trust, and make sure you set it to update automatically.
- Report phishing emails and texts.
- Forward phishing emails to email@example.com - and to the organization impersonated in the email. Your report is most effective when you include the full email header, but most email programs hide this information. To ensure the header is included, search the name of your email service with "full email header" into your favorite search engine.
- File a report with the Federal Trade Commission at FTC.gov/complaint.
- Visit Identitytheft.gov. Victims of phishing could become victims of identity theft; there are steps you can take to minimize your risk.
You can also report phishing emails to firstname.lastname@example.org. The Anti-Phishing Working Group (which includes ISPs, security vendors, financial institutions and law enforcement agencies) uses these reports to fight phishing.
To learn more about phishing scams from the FTC, click here.
For any further questions, please contact your Baron Team.