Protecting yourself from a phishing attack

As information technology has evolved throughout the years, so have the scams used by fraudsters to steal funds and even identities. If you’re managing your money online or through an app, a big part of maintaining your financial health is protecting and securing your money. That said, it’s essential to be aware of one of the most common types of online fraud, called phishing.

When users click on a phishing email or text message, they may unintentionally give out their personal information, or become a victim of a malware or ransomware attack (both are types of malicious software).

You can help protect yourself from a phishing attack by knowing what to look out for. In this post, we’ll define what phishing is, how to recognize a phishing message or phishing scam, and outline tips to help protect your Spruce accounts.

What is phishing?

You can think of phishing as an attempt to obtain sensitive information through a false identity. Fraudsters may impersonate a financial institution, business, charity, or government agency, to trick you into revealing your personal information so they can access your accounts. They’ll create fake emails, websites, social media accounts, etc. to appear as if they are the actual company contacting you.

In some phishing attempts, fraudsters will send out thousands of email messages to a large group of people, hoping someone will respond. In other cases, they may target a smaller group of users with more personalized details, hoping that you’ll be lured in by a sense of legitimacy. This tactic is called spear phishing.

These scammers know that the more personal information they can get from you, the easier it will be to gain illegal access to your accounts.

Pretty upsetting, right? To help put some control back in your corner, it’s good to know how to spot a phishing email or other phishing attack.

What are the common indicators of a phishing attempt?

Here are a few common indicators of a phishing attack:

  • There’s a problem with your account and they want you to act now. They may contact you and state that there’s an issue processing your payments, or that you owe money. As part of their made-up problem, they’ll ask for your log-in information so they can help you resolve the issue. Look out for messages that want immediate attention. Cyber criminals use urgency as a key social engineering technique, hoping you won’t have time to remember your security awareness tips, trying to get you to slip-up.  
  • They pressure you to pay. To collect the money you supposedly owe, fraudsters may ask you to send funds through various means. Examples include wire transfer, digital payments, gift cards or other pre-paid cards, cryptocurrency, check, debit cards, etc.
  • The grammar or context of the message is off. Many times, phishing messages have a generic greeting, spelling or grammatical errors, or the situation described in the message is inaccurate.
  • The sender information or website looks different. Suspicious email addresses or websites that are different from what you’re used to or ones that have a lot of extra letters and numbers can sometimes be a sign of a phishing campaign. The same goes for social media accounts.
  • The design of the message looks right – mostly. These days, it’s easy for cyber criminals to fake a logo, website or graphical design from brands (especially when they use tools such as a phishing kit to create phony sites to harvest your data). They may make it look close enough to the real brand but may not have taken the time to get every detail right. Upon closer inspection, you might notice subtle differences in spacing, logo placement, color, etc.

Avoiding online phishing attacks and protecting your Spruce accounts

Keeping your accounts safe starts with a little vigilance. Don’t worry – you don’t need to be a tech expert. To help you safeguard your Spruce accounts from email phishing scams or other attacks, adopt the following information security practices to help protect your sensitive data from malware, identity theft, and phishing attackers.

  • Create strong, unique passwords. Follow the suggested password requirements and avoid including your sensitive information in passwords, such as your birthdate or Social Security numbers. Don’t use the same password for all accounts as it could give scammers access to other logins. This is especially true for email security as access to your email may help criminals reset certain passwords.
  • Protect your login information. At Spruce, we will never ask you to provide your login information via social media, email, text message, etc. You should change your password if you have provided your login information to anyone and not reuse the same password.
  • Set up notifications. Within the Spruce app you can get notified for activity on your account such as large transactions, deposits, and statements. Setting up notifications helps you be aware of recent activity on your account.
  • Take note of fraud alerts. We’ll notify you via email or text message if we identify any unusual activity, account changes, or purchases on your account.

How to report fraud or possible phishing attempts: If you have unauthorized activity on your account, you should call Spruce customer service at 1-855-977-7823

Learn more about Spruce security

From offering tools that let you lock your debit card to monitoring for unusual transactions, we take your security seriously.

Find out how Spruce security helps protect your data and money. 

This information provided for general educational purposes only. It is not intended as specific financial planning advice as everyone’s financial situation is different.

Was this article helpful?

Get better with money.