Don't Be Lured In By Phishing Email Scams

OK, so we all know that there is no Nigerian prince who wants to give us the $1,000,000 we've inherited if we will just provide our bank account information and send him a cashier's check for $2000...right? If not, read this: THERE IS NO NIGERIAN PRINCE who is going to give you $1,000,000. Really. It's a scam. Don't fall for it, and for goodness' sake please don't send him your banking information or a check.

Sadly, a lot of people are duped by this and similar scams every day. In fact, the "Nigerian prince" scam is one of the longest running email frauds simply because it has been so darned successful. Once received through letters and faxes, these "urgent" requests for financial information and assistance are now primarily delivered via email--and they are getting harder and harder to identify as scams.

"Phishing" for fraudulent funds

Dubbed "phishing" emails (hackers go "fishing" by setting out hooks to see what they can catch; the "ph" is a hacker twist), these types of communications are attempts by someone posing as a legitimate institution or entity to lure someone into providing sensitive information. These fraudsters try to trick unsuspecting recipients into thinking the email is from someone they should know or trust...including your bank.

Bank customers are popular targets of phishing scams

Unfortunately, phishing emails often prey upon consumers who use their bank's online or mobile banking services. The emails attempt to dupe the customer into providing their online or mobile banking username and password to gain access to a plethora of sensitive financial and personal information. These emails are devised to trick the customer into thinking that the email is from the bank, and may contain phrases like these Federal Trade Commission bank phishing email examples:

• "We suspect an unauthorized transaction on your account. To ensure that your account is not compromised, please click the link below and confirm your identity."
• "During our regular verification of accounts, we couldn't verify your information. Please click here to update and verify your information."
• “Our records indicate that your account was overcharged. You must call us within 7 days to receive your refund.”

These emails may be designed to look like an email from the bank, with logos, fonts and colors that mimic the bank's true branding.

Don't take the bait

You probably often receive emails from your bank for legitimate reasons and are familiar with the bank's email format, voice, logo, colors, etc. However, if you are in the least bit suspicious about an email, consider the following:

• Banks will never ask you to confirm or provide personal or financial information via email. Your security and the confidentiality of your information is of utmost importance to the bank, and regular, unsecured email is not a channel used for communication of sensitive information.
• Call the bank's published phone number to question and/or verify the email (if you are a Bank Independent customer, you'll get a real person when you call 256-386-5000 or 877-865-5050). Some phishing emails will include a fraudulent phone number that will be answered as if you were calling the targeted bank, so try the true phone number first, and don't be afraid to ask questions.  Your bank needs to know if someone is impersonating the institution so that it can take steps to eradicate the issue.

If a fraudster obtains your personal financial information, the doors are opened to further fraud.  Your bank will have extensive measures in place to protect you from fraud, but it's imperative that you also protect yourself.  

October is National CyberSecurity Awareness Month, so watch the BI Blog for more great resources, like these:

12 Ways to Protect Your Mobile Device

10 Simple Tips for Protecting Your Money From CyberCriminals

Debit Card Fraud: How it Happens and How to Stop It