04 May 2016

How-To: Unearth & Avoid Phishing Scams

Like pests in your garden, Internet scams can creep up when you least expect them, infecting your computer without your knowledge and compromising PII and your login credentials. Thus, it is important to stay vigilant and take measures to protect your accounts, especially from phishing scams such as requests to pay invoices or log into legitimate-looking banking websites.

“Phishing” is a term for illegally obtaining an online user’s financial information by posing as a legitimate company with which the user has an affiliation.

Phishing attacks occur over email, instant messaging services, phone calls, and other communication channels. They imitate the appearance of the website of a company the user is affiliated with in order to appear authentic and coerce the user into providing personal information.

With the introduction of chip-enabled credit and debit cards, phishing scams are becoming more frequent due to the lag in customers receiving their cards and the confusion that delay has caused. Scammers are emailing users in high numbers, posing as the card issuer and asking the user to “confirm” personal information so that the scammers can obtain it.

Here are a few ways you can protect yourself against phishing schemes:

  1. Contact BMS first about any software, hardware or banking issues. Please note that a BMS representative will never contact you about a local software or hardware issue unless you have initiated this contact. If you are contacted by someone who claims they are a BMS representative without initiating the contact, please contact the BMS Support Center immediately.
  2. Be cautious. It is important to be very cautious and protective of your personal information and the PII of the estates that you administer at all times. For example, you should always be cautious of emails that are from unrecognized senders (especially those with attachments or embedded links), as well as those that ask you to provide personal and/or financial information when you have not initiated contact with the sender, even if the email appears to be from a company you are affiliated with.
  3. If you did not initiate contact, do not engage. Since phishing attacks can take many forms, it is important to be wary of emails or phone calls that you did not initiate asking for your personal or financial information. A good rule of thumb is to never divulge personal information over the phone unless you have initiated the call, and also never email personal or financial information, even if you are close to the recipient. When conducting online transactions, make sure the site is secure by looking for a lock icon on your browser’s status bar, or “https:” in the URL, where the “s” stands for “secure.” Keep in mind that the lock and “https:” only show that the connection is encrypted; they do not by themselves confirm that the site belongs to the company it claims to be, so check the domain name as well.
  4. Don’t open any attachments that you are not expecting. Phishing emails often include links or attachments that the user is asked to click or open, allowing the attacker to gain access to their information. Thus, it is important to never click on links, download files, or open attachments in emails (especially .zip, .exe, and .rar files) from unknown senders. In addition, if you have received a suspicious email, or an email that you did not initiate asking for personal information, never click on the URL within that email. Instead, hover over the text to see the link address and, if it doesn’t look like a URL for the intended website, consider it malicious. Call the company that emailed you to check whether they sent the email (obtain their phone number from a source other than the email).
  5. Monitor your online accounts and bank statements regularly. Phishing attacks can pop up out of the blue, and can be disguised so well that you may not know that you have been attacked. That is why it is important to monitor your online accounts regularly and perform monthly reconciliation of bank statements to ensure that no unauthorized transactions have been made.