Every year the quality of phishing attacks seems to get better. It wasn’t too long ago that you could spot a fake message from a bank, because of the terrible use of english and awful formatting of the images, but it is not a lot harder. The syntax, grammar, formatting, images and event the URL’s they point you too look identical to those of the real institutions that they are purporting to be.
In fact, some of the emails you receive from scammers, now actually look better than the ones from your bank.
The simple answer (of course) is to NEVER trust an unsolicited communication from anyone, it doesn’t matter of the bank calls you, emails you, writes to you, or knocks on your door directly. If you didn’t expect the communication there is a very high probability it’s fake.
The best answer is to always either visit the institution in person, or call the number on the back of your card (and I can even think of a few ways this can be faked, but it’s much harder)
Here are a few of the attempts to scam me, that I’ve received just this month:
“Hi I’m calling from Microsoft, and we have detected a virus on your computer, and you need to give me access to remove it”
“Hello dear friend, I’m the daughter of the late finance minister of an African nation, and am in trouble and need your help to get funds out of the country, I’ll pay you well for your service in this matter”
“There is an issue with your iCloud login, please click below to resolve the issue”
“This is a IRS calling to tell you that you will be arrested unless you call this number immediately”
“I have been contracted to kill you, but will not kill you it you pay me the same amount of money as the contract”
“This is a fraud alert from the bank, please login below to confirm the transactions”
Some of these were via email, and some phone calls. All were ignored, and most entered spam folders.
For the phone calls I use an amazing service called norobo, which checks every incoming call for know garbage (including charities and political parties) and diverts the call as soon as the caller id is identified. A brilliant free service for the home line (and they charge for cellphones)
For email, the built-in spam filters seem to work quite well, and I needed to actually look in the spam-folder to see what I received.
The simplest answer is to just not believe anyone who calls or emails, assume they all lie, and you are right virtually every time.