Phishing attacks -- online trolling for personal information in order to raid your financial accounts -- are soaring. According to cyber-security experts at RSA, phishing attacks jumped 37 percent last year and have proven to be exceptionally costly, with the average attack resulting in $4,500 in stolen funds.
With National Consumer Protection week on the horizon, Visa (V) is attempting to help consumers spot phishing attacks before they're taken. The credit card company has published an online guide to the tell-tale signs that you're being phished. Admittedly, the warning signs have gotten far more subtle in the past few years -- and a really good con artist can appear legitimate to even the most diligent consumer. In some cases, con artists even have access to some of your personal information already, like your name and maybe even the last few digits of your credit card number.
But there are still 5 simple ways to catch a phishing attempt before it catches you. Specifically:
Don't click. If your bank or credit card company sends a warning message saying that your account has been compromised and you need to click through an emailed link to "verify your account information," don't. Banks and credit card companies don't communicate that way. Neither does the IRS. If there's a problem with a bank or credit card account, they'll call you. If the tax authorities want to contact you, they do it by U.S. mail.
Go direct. If you get one of these emails and are worried that there may be a real problem with your account, open up a new browser window, go directly to your bank site and sign in there. Chances are, you'll see something along the lines of: "(Your bank) DOES NOT send emails instructing you to click on a link to enter your personal information." When you sign on without trouble and there's no other message from your bank saying that your account is compromised, you know that it's not. Delete the email that caused you to worry, but remember it -- and the fact that it was a scam -- for next time.
Don't try to "win" anything. Phishing is done with more than emails. Contests are big: "Win a free iPad!" or "Get a $500 Target Gift Card!" The come-ons are all over the web. All you have to do supposedly to get this awesome swag is click on a link that is likely to take you to a toxic site. Increasingly, these toxic sites embed a virus into your computer that allows the crook to capture your every keystroke. That means it gets all your passwords and user IDs for your bank and brokerage accounts. You know you're really not going to get something for nothing, right? So don't pretend you will. When you see the word "free," think "danger." Don't go there.
Don't panic. The other brilliant scam that can pull you into the vortex of a toxic site is the pop-up warning: "Your computer has been compromised! Click here to download a security fix!" When you click, you open the gates of your computer to all sorts of nasty viruses. If you don't panic, you won't click and you won't regret it later.
Get security. If you don't have security software on your computer, now is the time to invest in it. Good services like Norton AntiVirus or McAfee will set you back between $30 and $100 a year. If you compare that to the $4,500 you could lose in a phishing attack, it's a bargain.