What is Phishing?
Phishing is probably the most recognizable term in this list, as a lot has been done to bring awareness to these sorts of scams in recent years. If you haven't heard of phishing, it is essentially when a fraudster impersonates a trustworthy source in a digital communication (such as an email) to obtain information of a sensitive nature. This can include login credentials for social networking and banking websites and even credit card information. Phishing is most commonly perpetrated by scammers over email.
How to Spot a Phishing Attempt:
Watch for red flags that could indicate an email isn't from who you think it is. Phishing attempts often involve the fraudster impersonating someone you might know and asking you to do something urgently or feigning an emergency. The hope is that the emotional nature of the email will make you overlook important details, like the sender email not matching the sender name. Less sophisticated attempts at phishing might include emails that have poor grammar or sentence structure. A poorly written email asking for something out of the ordinary can indicate something sinister is going on.
Best Practices to Protect Yourself From Phishing:
- Never open an email from a sender you don't recognize
- Never click on an unsolicited link inside of an email
- Double-check the sender address to see if the domain looks inauthentic
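The sender checks described above (a sender name that doesn't match the sender address, and a domain that looks inauthentic) can also be automated. The following is an added example, not part of the original article; the brand names, domains and sample headers are constructed for illustration, and the 0.85 similarity threshold is an assumption.

```python
from difflib import SequenceMatcher
from email.utils import parseaddr

# Constructed allow-list: brand as shown in a display name -> its real domain.
TRUSTED = {
    "example bank": "examplebank.example",
    "northwind cards": "northwind-cards.example",
}

def is_under(domain, real):
    """True when domain is the real domain or one of its subdomains."""
    return domain == real or domain.endswith("." + real)

def sender_red_flags(from_header, trusted=TRUSTED):
    """Return the reasons a From header's sender looks inauthentic."""
    display, address = parseaddr(from_header)
    if "@" not in address:
        return ["no parseable sender address"]
    domain = address.rsplit("@", 1)[1].lower()
    name = display.lower()
    known = any(is_under(domain, real) for real in trusted.values())
    flags = []
    for brand, real in trusted.items():
        # Sender name claims a brand the address does not belong to.
        if brand in name and not is_under(domain, real):
            flags.append(f"name says '{brand}' but domain is {domain}")
        # Near-miss spelling of a trusted domain (one or two characters off).
        if not known and SequenceMatcher(None, domain, real).ratio() >= 0.85:
            flags.append(f"{domain} resembles {real}")
    # An address typed into the display name that is not the real sender.
    if "@" in display and address.lower() not in name:
        flags.append("display name shows a different address")
    return flags

# Constructed sample headers.
SAMPLES = [
    '"Example Bank" <alerts@examplebank.example>',
    '"Example Bank Security" <alerts@examp1ebank.example>',
    '"Example Bank" <support@examplebank.example.account-check.test>',
    '"billing@examplebank.example" <x9@mailer.test>',
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", sender_red_flags(header) or "no flags")
```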
What is Smishing?
Smishing is quickly becoming more common among scammers and is a form of phishing that relies on text messages to retrieve information. While many of us have become used to seeing unsavory-looking emails on a regular basis, untrustworthy text messages are something we are not so well conditioned to look out for. A good practice when it comes to smishing is therefore to never reply to a text message from a number you don't recognize and to never click on a link embedded within a text. If the number looks funny right off, it may be best to just delete the message without opening it. If you do open some unfamiliar text messages, however, here are tactics employed by smishers you can be on the lookout for:
- Posing as a collections agency threatening to hurt your credit score
- Soliciting payments for an overdue service
- Asking you to confirm banking information
- Pretty much anything with a "click here"
SMS marketing is on the rise and it's likely that people will receive fewer telemarketing calls and more text messages in the coming years. As a result, always exercise caution when clicking on a link or an offer that comes through your text inbox.
What is Vishing?
Even if you're not familiar with the name of this particular form of phishing, you've probably heard stories of people falling victim to this ploy. Vishing is a scam whereby fraudsters call your personal phone number and threaten you with serious consequences if certain conditions are not met. While it used to be easier to avoid telemarketing and scam calls, nowadays many of these calls appear to come from a local number, so you are more likely to answer them.
A classic example of this scam in Canada is the CRA scam, which had a lot of traction in 2020. Scammers would call unsuspecting Canadians pretending to be a CRA agent and ask for tax money to be paid immediately. If people were not willing to comply so easily, these fraudsters would go so far as to threaten people with arrest by the RCMP. Some tips to avoid vishing scams are:
- Don't answer calls from unknown numbers
- Never give out credit card information over the phone (unless you are confident you are speaking to a verified representative from your financial institution/insurance company etc. and you are the one who initiated the call)
Social Engineering Tactics
One of the key tactics of all forms of phishing is something referred to as social engineering. This is a technique whereby fraudsters gain people's trust initially (just as a con artist would do in person) and build rapport with their victims before executing their scam. Because some trust has now been established with the phisher, people may be more likely to comply with their requests.
Keeping Your Merchant Account Secure
To keep your merchant account, as well as your customers, safe from scams and data breaches, here are some best practices for you to follow:
- Never write down customer credit card information; use the Helcim card vault instead
- Don't click on anything suspicious in an email or text message
- Use a different password for everything to do with your business
- Use address verification or AVS
- Watch out for irregular activity, like multiple failed transaction attempts, that could suggest stolen cards are being used at your store