Huffpost Money
The Blog

Featuring fresh takes and real-time analysis from HuffPost's signature lineup of contributors

Jason Alderman Headshot

How to Catch a 'Phish'

Posted: Updated:

Their names may sound funny but their financial consequences are not: "Phishing," "smishing" and "vishing" are just a few of the ways criminals can gain access to your financial or personal information via your computer or smartphone.

These attacks rely on the same basic strategy: To trick you into providing your financial or personal information -- often by masquerading as a trusted source such as your bank, credit card company, friend, relative or even a government agency. If you're not careful, scam artists can use such ill-begotten information to make unauthorized purchases, access your bank account or potentially commit identity theft.

Unfortunately, every time the authorities plug one hole, crafty criminals figure out new ways to trick unsuspecting victims. And they seem to have no boundaries: As I reported in "Protect Your Kids From Identity Thieves," some now even steal children's Social Security numbers, ruining their credit long before they've opened a single account.

Beware of these phishing scam tactics:

Email phishing: This is where you receive an email, purportedly from a trusted source, that asks you to supply or confirm account information, log-in IDs or passwords. These imposters are attempting to trick you into divulging your information, often by trying to create a sense of urgency and panic; for example, saying your account will be frozen if you don't respond.

Legitimate organizations rarely, if ever, ask you to verify sensitive information through a non-secure means like email. When in doubt, look up the organization's phone number separately and call to verify the legitimacy of the request. And avoid clicking on links in unsolicited emails, which could install malicious software on your computer. Similarly, never open any attachments unless you can confirm their legitimacy.

SMiShing (for "Short Message Service" phishing): Like phishing, only it uses text messages sent to your cell phone. Even if you don't click on any links or share information, just by responding you're verifying that your phone number is valid, which means it could be sold to others who will try to trick you into their own scams.

Vishing (for voice phishing): Here a live or automated caller claiming to contact you on behalf of a trusted source will ask you to provide personal, payment or account information under the pretext of clearing up a problem (like theft or overdrawn accounts). If you receive such a call, proceed with caution.

Don't rely on what you're told or the name displayed on caller I.D. Instead, hang up, look up the organization's number separately and verify the legitimacy of the request. I program important customer service phone numbers -- but not account numbers -- into my cell phone in case I'm traveling.

Forewarned is forearmed. Know what to watch and listen for when scrolling through your email, reading your text messages or answering the phone:
  • Consider all requests for personal or financial information to be suspicious.
  • Be cautious about clicking on links in unsolicited emails or text messages.
  • Check the legitimacy of any inquiry requesting your personal or payment information by looking up the company's phone number separately and calling to verify the request. (Just because an email bears a company's logo or a caller claims to represent an organization you trust, it doesn't guarantee legitimacy.)
  • Watch for typos and bad grammar. These are warning signals that an email or text message may be fraudulent.
  • Use spam blockers and keep your anti-virus software up to date.
  • Watch for pushy tactics. If you're asked to verify or provide information immediately or urgently, be suspicious.
For more tips on protecting personal and account information and preventing online fraud, visit:
  • The National Cyber Security Alliance's StaySafeOnline.org.
  • The FBI's Be Crime Smart page, which highlights the latest scams and tells you how to report crime and fraud.
  • The Federal Trade Commission's ID Theft, Privacy and Security page, which contains extensive information about identity theft, privacy and information security.
  • My employer, Visa Inc., has developed an interactive graphic showing what an email phish can look like and offering tips on how to catch a phish. VisaSecuritySense.com also features fraud prevention tips and news on the latest scams.

Phishing, smishing and vishing scams come in many disguises. Always exercise extreme caution when providing personal or payment information and only do so after you've confirmed the legitimacy of the request. Scam artist preys on the goodwill, trust and -- sometimes -- carelessness of consumers to get the valuable information they need.

This article is intended to provide general information and should not be considered legal, tax or financial advice. It's always a good idea to consult a legal, tax or financial advisor for specific information on how certain laws apply to you and about your individual financial situation.