This article was last updated on Oct. 15, 2020.
In today’s digital age, we do a lot online: shop, check social media, manage our bank and credit card accounts, and review our health insurance usage — just to name a few. Unfortunately, scammers try to take advantage of all the different ways we use the internet to steal our personal information. That's why it's so important to learn more about this practice, also known as phishing, and get tips to stop these scammers in their tracks.
What is phishing?
Phishing is the fraudulent practice of sending emails that look like they’re coming from well-known companies with the aim of collecting your personal information, like passwords and credit card numbers. Once scammers have your information, they can drain your bank accounts or use your personal information to steal your identity.
How to protect yourself against phishing
The U.S. Federal Trade Commission (FTC) External Site reports that thousands of phishing attacks are launched each day and most are successful. According to the Federal Bureau of Investigation’s Internet Crime Complaint Center, Americans lost $30 million to phishing schemes Opens PDF in just one year.
Follow these tips to recognize phishing scams:
- Look for inconsistencies. Phishing emails often use real company's logos to make their communications seem safe — and are counting on you to not stop and double check what's in the email. A phishing email may be sent from a suspicious site, contain obvious grammar and spelling mistakes, or have a misspelled company name or address (e.g., email@example.com).
- Double check the ‘story.’ The most common way phishing emails trick you into giving away your information is by telling you a believable story. They might say they’ve noticed some suspicious activity on your account, ask you to confirm personal information, or want you to click on a link to make a payment. The best way to sense-check a story like this is to contact the company directly to see if there has been any suspicious activity, or a payment is due like the email claims.
- Watch for suspicious links. Scammers often hide their links behind buttons or images in an email so you won’t know what you’re clicking until it’s too late. Some also use link shorteners, like bit.ly, to disguise suspicious links. Look before you click!
- Don’t act immediately. Phishing scams often come with an unusual sense of urgency to scare you. An example? “You’ll lose your health coverage if you don’t click this link within the next 12 hours!” If you find yourself on the receiving end of an email like this, first, take a deep breath and then call the company directly. If the phishing email provides a phone number, don't use that number to verify if the threat is real. (Hint: It most likely isn’t.)
- Be wary of sharing information. If a reliable organization needs your birth date or Social Security number, they’ll never ask for it via email. Make it a practice to never give out confidential information over email.
What to do if you receive a suspicious email
If you think you received a phishing email, you can report it by forwarding it to the FTC at firstname.lastname@example.org Send Email and to the Anti-Phishing Working Group at email@example.com Send Email. You can also file a complaint External Site with the FTC.
And, if you think a scammer may have obtained your information, check out the FTC's identity theft recovery resources External Site, and change any passwords associated with the account that may have been hacked.
Don't forget: As a Wellmark Blue Cross and Blue Shield member, you and your dependents have access to identity protection services through IDXTM. These services — called IDXTM Identity — are available at no cost to you. To get started, log in to myWellmark® Opens New Window and click on Identity Protection on the bottom left corner of the page.