The term “phishing”—as in fishing for confidential information—is a scam that encompasses fraudulently obtaining and using an individual’s personal or financial information. Bank accounts can be the target of thieves and fraudsters. Please be aware of common email phishing scams where the message appears to come from known and trusted sources, such as the Federal Deposit Insurance Corporation, the Internal Revenue Service, or the National Automated Clearing House Association (the ACH payment network). Some red flags that can help you to quickly identify a potential email phishing scam are:
- Unusual greeting: A phishing email may not refer to the email recipient by name or it may refer to them in a nonsensical manner such as “Client(s)”.
- Sense of urgency: An email that claims an urgent need to communicate with you for your own security, or a request to verify payment information immediately, using compelling language that urges the recipient to take action.
- Random generation of numbers: A phishing email may contain a random sequence of numbers, such as “ACH Payment #38350555 canceled,” that can also be inserted into the subject line or text of the email to make it appear as though it is a specific transaction ID or payment amount. That random number can also be inserted into the file name of the pdf.exe file or pdf.zip file, creating a sense of uniqueness and legitimacy.
- Strange or unfamiliar links: The links may look official, but when the mouse cursor rolls over the link the link source code points to a completely different website which may contain malware as a pdf executable file or pdf zip. Never open attachments, click on links, or respond to emails from suspicious or unknown senders.
- Fraudulent use of legitimate business logo, website, address, phone: Fraudsters often insert actual identification references to a business into their phishing emails to make them appear legitimate.
Please be aware that bank accounts are at a heightened risk of such scams, and be sure to protect yourself by first trying to recognize fake messages, and by installing up-to-date virus protection software on your business computers. If in doubt, do not click on links presented in any message you think is suspicious, rather attempt to authenticate any requests via trusted communications channels such as calling a company representative.
At Byline, we take great care in safeguarding your personal and financial information. To better protect you, remember that we’ll never send an email requesting your information or asking you to verify a request or transaction.
Please contact us if you have any questions or concerns.