You receive an email, phone call, text, letter or pop-up message on your computer from what appears to be a reputable source, advising that something has taken place and that they need to confirm your information for security reasons.
They may ask you to provide any of the following "for verification purposes":
Date of birth
Mother’s maiden name
Social Security Number
Or any other personal information
In reality, they aren’t verifying anything. They’re stealing that information so they can either sell it, use it against you, or both.
Why Phishing Scams Work:
With so many security breaches, it becomes difficult to know when something is real and when somebody is simply phishing for your information. You feel concerned that your personal information or accounts have been compromised, so of course you want to make sure you’re protected. The notification looks official, so without thinking or researching, you provide the information requested. Only later do you start to wonder if you did the right thing.
What You Need to Know/Do:
Phishing attempts typically come from what appear to be reputable businesses. Emails and letters will look official, even including the company logo on the document.
Example: If you receive notification from Bank of America that your account has been compromised, ask yourself if you even have an account there or do business with them. Phishing emails get sent to thousands of people. The senders will typically pick a large bank or company so that the chances of somebody actually having a relationship with it will be higher than if they used a lesser-known entity.
If the notification was sent electronically, focus on the “sent address” by hovering over it with your mouse. Make sure it shows the company name in the domain AFTER the @ sign, and make sure it’s the correct address. It should say: firstname.lastname@example.org. Not email@example.com and not firstname.lastname@example.org.
No matter how you receive notification, check it out before you provide any information.
Never call the number they provide to you unless you verify it from another source.
Never click on any embedded links as those can also download viruses or malware.
Make sure you have a relationship with the company that allegedly sent the notification.
Look up the company where your information has been compromised, and call them at a phone number you know to be correct.
If you receive a phishing attempt, report it!
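The sender-address check described above (the company name must appear AFTER the @ sign), written out as an added example that is not part of the original page. The function names, the expected domain examplebank.example and the sample From lines are constructed for illustration.

```python
from email.utils import parseaddr


def sender_domain(from_header):
    """Return the lowercased domain after the last @ of the real address."""
    _display, addr = parseaddr(from_header)
    if "@" not in addr:
        return ""
    return addr.rsplit("@", 1)[1].lower().rstrip(".")


def check_sender(from_header, expected_domain):
    """Compare the sending domain with the domain the company really uses.

    expected_domain is an assumption supplied by the reader, taken from a
    statement, card or bookmark, never from the message being checked.
    """
    domain = sender_domain(from_header)
    expected = expected_domain.lower()
    if not domain:
        return "suspicious: no usable address"
    # Exact match, or a genuine subdomain such as mail.<expected>.
    if domain == expected or domain.endswith("." + expected):
        return "ok"
    # Company name present, but as a label inside somebody else's domain.
    if expected in domain:
        return "suspicious: company name embedded in another domain"
    # Company name shown only in the display name or before the @ sign.
    if expected in from_header.lower():
        return "suspicious: company name only in display name or before the @"
    return "suspicious: unrelated domain"


if __name__ == "__main__":
    # Constructed sample From lines, not taken from real messages.
    samples = [
        '"Example Bank" <alerts@examplebank.example>',
        '"Example Bank" <alerts@examplebank.example.secure-login.test>',
        '"alerts@examplebank.example" <notice@mailer.test>',
        "examplebank.example@mailer.test",
        "Example Bank <alerts@examp1ebank.example>",
    ]
    for line in samples:
        print(check_sender(line, "examplebank.example"), "<-", line)
```

A result of "ok" covers only this one check: the From line itself can be forged, so the steps above about verifying through a phone number you already know still apply.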