How to Recognize and Avoid Phishing Scams

How to Recognize and Avoid Phishing Scams

Across the industry, financial institutions and tech companies have seen an increase in fraudulent scams. From stealing passwords, account numbers, and even social media profiles, scammers use clever tactics to deceive everyday people like you. Here are some ways to protect yourself and your sensitive information from theft. 

What’s the difference between phishing and smishing?

Think of it this way–phishing and smishing are both intended to steal data but through different methods. While phishing includes linking fraudulent scams on emails and websites, smishing refers to deceitful text messages also intended to take your info.

How to spot a phishing scam

Unfortunately, scammers are pretty creative with the tricks they use to steal information these days. Many fraudulent emails and text messages will create a false sense of urgency in the correspondence to prompt you into clicking on a link or opening an attachment with malware. 

The message may be: 

  • Asking about a potentially unrecognized transaction and prompting you to authorize the purchase 
  • Stating that they’ve noticed some suspicious activity or log-in attempts on your account
  • Claiming there’s a problem with your account or your payment info 
  • Stating that you need to confirm some personal or financial information 
  • Instructing you to click on a link to make a payment 

Sometimes these messages can even appear to come from legitimate companies. That’s why it’s important to keep an eye out for these red flags. 

  • The sender’s email address doesn’t match the name of the company they claim to be from
  • The sender’s email address is not listed on the company’s website
  • When you hover your cursor over any links in the email, their web addresses do not match the text that appears over them
  • The email invites you to click on a suspicious link to update your payment or personal information
  • The message looks significantly different from other messages that you’ve received from the company
  • The message is unsolicited and/or contains an attachment
  • The message contains poor grammar, misspellings, and inconsistent word formatting

Smishing attempts on your phone can contain elements of the above, while also… 

  • Requesting personal information, like a credit card number, account password, or PIN/verification code
  • Containing an attachment or unsolicited message 
  • Including poor grammar, misspellings, and inconsistent word formatting

An example of a smishing attempt 

Be aware that scammers may sometimes use the last four digits of your card number to make you believe the message. When this info is provided, it’s usually connected to a purchase on a fraudulent website. See here for tips on shopping safely online. 

How you can protect yourself from scams

  • Be suspicious of unsolicited phone calls, emails, and text messages
  • Do not provide personal information, passwords, account numbers, or verification codes unless you initiated contact with someone at said company directly (Note: Extra will never ask you for any of these details)
  • Whenever you’re unsure about an email, text, or phone call, verify the request by contacting the company directly by the contact information listed on previous statements or via their in-app messaging system
  • Do not use the contact information provided on the suspicious message or any links listed on those messages

What to do if you receive a phishing attack claiming to be Extra

If you believe that a message or phone call you’ve received is a phishing attack, do not provide any of the information requested. End communications with the sender and reach out to said company directly. 

Extra employees will never ask you to provide any personal information, card information, or verification code. If you receive a phone call or text message claiming to be from Extra requesting these details, please do not provide them. Follow these instructions to report the communication. 

  • Provide screenshots of any conversations via email/text message with the phone numbers and email addresses

For more information including further ways to report phishing attacks, you may visit a helpful article from the Federal Trade Commission here

Stay in the loop