How to protect your personal information online

While most of us look forward to the holidays as a time to give thanks, reconnect with family and friends and reflect on the past year, scammers and hackers see this busy time as an opportunity to catch you with your guard down.

Your email inbox might be flooded with offers from online retailers promoting sales, coupons and special deals. While most offers are probably legitimate, some of these messages may actually be instances of phishing.

What’s phishing? It’s when hackers send emails or text messages pretending to be from reputable companies in order to trick you into giving them what they want: typically your personal information, like passwords or credit card numbers.

Some internet scams target seniors.[1] To protect yourself from phishing, it’s important to learn the common forms, ways to spot a phishing message and how to report phishing scams.

What are some of the most common forms of phishing?

  • Emails or text messages claiming to be from a legitimate retailer, shipper, bank, organization or government agency. The sender may ask you to confirm your personal information for a phony reason (e.g., an order has been placed in your name, your account is about to be closed, or your information has been lost because of a computer problem).
  • Requests for charitable donations. There are many fake charities that have legitimate-sounding names, so thoroughly research charities before donating. The Federal Trade Commission has a helpful Charity Checklist for this reason.
  • IRS and tax-related emails. These emails may reference unpaid taxes or a potential audit but are often a scam. The Internal Revenue Service (IRS) website states that it “does not initiate contact with taxpayers by email to request personal or financial information. This includes any type of electronic communication, such as text messages and social media channels.”[2]

AARP lists many different types of scams, and how to combat them, on its website.[3]

How can you tell if it’s fake?

In the past, bogus emails and websites were often easy to identify by poor language and grammar, but this isn’t always the case now. As we grow more sophisticated, so do cybercriminals. In recent years, they’ve begun using more authentic-looking emails and websites. Here are a few tips:[4]

  • Check the email address of the sender. Roll your mouse over the email address and make sure it matches the address displayed. Also, most legitimate businesses have a simple, standardized email domain, so an email from a bank might come from johndoe@nationalbank.com, whereas a scammer’s address is less likely to follow this standard.
  • Check for forged links. Even if a link contains a name you recognize, it doesn't mean it links to the real organization. Roll your mouse over the link and see if it matches what appears in the email. If it doesn’t, do not click on the link.
  • Don’t trust logos and corporate colors. Just because an email contains company logos and corporate colors doesn’t mean it’s a legitimate email.
  • Beware of attachments. Don’t click on an email attachment unless you know who sent it.
  • Don’t proceed if you don’t see “https.” Secure websites for personal information begin with “https”—the “s” stands for secure.
  • Requests for your personal information are red flags. The point of sending a phishing email is to trick you into providing your personal information. If you receive an email requesting your personal information, it’s probably a phishing attempt.
  • If it sounds too good to be true, it probably is. Be wary of the “Nigerian prince” offering to share his fortune with you.

Phishing could happen to anyone. If you receive a phishing email, report it. Below are some great resources and steps to report phishing emails.

  • Forward phishing emails to the Federal Trade Commission at spam@uce.gov – and to the organization impersonated in the email. Your report is most effective when you include the full email header, but most email programs hide this information.
  • File a report with the Federal Trade Commission at FTC.gov/complaint.
  • You can also report phishing emails to reportphishing@apwg.org. The Anti-Phishing Working Group includes internet service providers, security vendors, financial institutions and law enforcement agencies.

Sources:

  1. “Top 10 Financial Scams Targeting Seniors,” National Council on Aging, last accessed Oct. 11, 2019, https://www.ncoa.org/economic-security/money-management/scams-security/top-10-scams-targeting-seniors/.
  2. “Taxpayer Guide to Identity Theft,” IRS, last accessed Oct. 17, 2019, https://www.irs.gov/newsroom/taxpayer-guide-to-identity-theft.
  3. “Scams & Fraud,” AARP, last accessed Oct. 17, 2019, https://www.aarp.org/money/scams-fraud/.
  4. “10 Tips for Spotting a Phishing Email,” TechRepublic, last accessed Oct. 17, 2019, https://www.techrepublic.com/blog/10-things/10-tips-for-spotting-a-phishing-email/.