Have you ever received an email from a random name that you didn’t recognize? Do you ever get phone calls from an unknown number who tells you they need to verify information? If this happens to you, you are not alone. Fraudulent messages are happening all around us, so it is important to be aware of the warning signs. When unknown individuals are attempting to steal confidential information, it is called phishing.
Han Wu, Senior Vice President, Information Technology (IT), answers some of the top questions about what phishing scams are and how to protect your information.
- What is phishing? Phishing is a fraudulent message pretending to be from a legitimate entity to trick the recipient to fall for a scam or to divulge sensitive information. Emails, text messages, and phone calls are a few places you could receive a phishing message.
- How do scammers get my contact information to target me? There are many ways scammers can gather your contact information. Some examples are: public information via search engines such as Google, creating look-alike websites to collect your email/cell phone number, hacking into a business that has your contact information, and compromising a company or an individual’s contact list via the email account.
- What are some ways I can identify a phishing scam?
- Urgent call to action or threats – claims you have to act now for a reward/penalty or detected suspicious activity/charges on your account or login.
- Suspicious links or unexpected attachment – don’t’ click on or open any links or attachment that you may suspect as a scam. You can hover the mouse over the link, but don’t click, to see if the web address/URL matches the link that was typed in the email message.
- Generic greetings – be aware of emails that start with generic “Dear sir or madam”. A legit company that works with you should know your name.
- Mismatched/misspelled email domain – email claims to be from a reputable company, but the email is being sent from another email domain such as gmail.com or some random email domain. Look out for subtle misspelled email domain. Such as westtbankstrong.com where there are two Ts in the word “west” or westbankstr0ng.com where the letter “o” is replaced by a number “0”. Bad grammar and spelling are also signs of a scam.
- What can I do to protect myself from phishing attacks?
- Think. Before you click on the link or open any suspicious/unexpected email.
- Don’t respond back to the email that you may suspect as phishing. Email or contact the company/person directly to inquire about the email in question.
- Make sure your computer and mobile devices’ operating system and security software, such as anti-malware/anti-virus software, are up to date by setting to update automatically.
- Use multi-factor authentication for online accounts, if available.
- What should I do if I have responded to a phishing attack? If you think a scammer has your personal identifiable information or online account credentials. You can go to IdentityTheft.gov for specific steps to take based on the information you may have lost. If you think you have clicked on a link or opened an attachment that downloaded malware, make sure your computer’s security software is update to date, disconnect from the internet and then run a scan. You may also consult a reputable local cyber or technology firm to assist with the remediation.
Han Wu joined West Bank in 1992. Han graduated from the University of Iowa with a degree in Finance and minored in Computer Science. He is a 2011 graduate of the Bank Technology Management School of the Graduate School of Banking in Madison, Wisconsin. Han is also a Certified Banking Cybersecurity Manager.
Active in the community, Han is a graduate of the Greater Des Moines Leadership Institute's 2008-2009 Community Leadership Program. He has been involved with Variety, The Children’s Charity since 1994 and had served as a board member, committee member and a volunteer. Currently he serves on the advisory board of Best Buddies Iowa.