Learn
Scam Alert: Phishing
In a perfect world, your email inbox would only contain emails from friends and companies you do business with. Unfortunately, your email inbox is a virtual playground for people looking to do more harm than good.
There has long been a problem with hackers trying to get your financial info and passwords by pretending to be someone you do business with — often a bank, a credit card company, or a retailer you've made purchases from. But there's also a growing problem with scammers pretending to be someone you interact with in a work context — either a work colleague or someone from a company your employer does business with. These scammers can then trick you into either downloading malware onto your computer or divulging confidential information about your work.
These types of email scams are known as phishing. A 2019 report by PhishLabs, a company that monitors and mitigates hacking threats, found that phishing attempts in 2018 increased by more than 40%1 compared to the previous year. Fast forward. According to Security magazine, a recent report uncovered a 198% increase in browser-based phishing attacks in the second half of 2023 compared to the first half of the year. And with a large segment of people still working remotely (the aftermath of the COVID-19 pandemic), phishing attempts still continue to rise.2
But what is phishing exactly, and how can you protect yourself?
Did you know? Scammers try to appeal to your emotional side by spoofing the name of a person or company you know so that you feel a sense of trust.
Phishing, Explained
Phishing is when someone sends fraudulent emails in an attempt to access your personal information — or to manipulate you into giving them your personal information directly. And these emails typically look very credible. Here are a few examples of phishing emails:
- Asking you to reply with confidential information: In this situation, the email is designed to look like it was sent from a trusted source — say your email provider, Amazon.com, or even your bank. The email may ask you to reply directly with your personal information — such as your account information or your Social Security number — for “verification purposes." Once you do, the scammer then has your confidential information. These emails often look legitimate, but always remember that a trusted source will never ask you to reply to an email with any type of personal or confidential account information.
- Asking you to click on a link: Many phishing attempts also use links to fake websites, and here's how they do that: You'll receive an email that appears to be from a trusted source, and the email message asks you to click a link within the email to log in to your account. The email may express urgency about this, claiming they need you to verify your account information because someone tried to access your account, or because the company is doing routine maintenance. Once you click that link, though, you're sent to a fake website that looks nearly identical to a website you trust. You enter your information, thinking you're logging in to your legitimate account, and then your info is sent straight to the scammer — with you none the wiser.
- Asking you to open a file: Phishing email scams have evolved to include mimicking popular cloud-based storage sites like Dropbox and Google Docs. For example, you could receive an email that appeared to be from a trusted source, such as the company you work for or a reputable financial institution, asking you to open a Google Docs file. Doing so, however, would give scammers access to your email account and contacts list.
Why Phishing Works
Phishing's effectiveness relies on what cybersecurity experts call "human fallibility." In other words, it's not a weakness of a particular hardware or software configuration that makes people vulnerable; instead, it's human nature.
With phishing, scammers try to appeal to your emotional side by spoofing the name of a person or company you know so that you feel a sense of trust. Or they'll try to bring out your inner curiosity by dangling a link to a Google Doc or Dropbox file, leaving you wondering what it contains.
Another common tool for these scammers is urgency. The email you receive might say that your account has already been compromised and you need to act quickly, or that a co-worker needs something immediately before you both get fired. Whatever the context, the goal is to get you to act without thinking.
Why people who work from home are more at risk
Everyone who uses email is potentially at risk of falling victim to a phishing attempt. But people who work from home are somewhat more at risk because of the nature of their workday. In an office setting, it's easy enough to drop by your coworker's cube to ask about that unexpected file they sent — or that urgent request that required emailing some of your company's financial information. At home, you may grow accustomed to just responding to those emails from colleagues and outside vendors — and responding promptly.
Additionally, the average person's home computer and network is typically not set up as securely as it would be in the office. And this makes people vulnerable to malware and ransomware attacks if they open a malicious file or click on a malicious link.
To learn more about how to protect yourself against phishing attempts, check out these five tips. If you suspect a phishing attempt is sitting in your email inbox, here's what to do.
Consider Signing Up for Credit Monitoring
Does remembering to regularly scan your credit report sound exhausting? Another option: Choose a service that will do the credit monitoring for you.
For example, as a Synovus Plus, Synovus Inspire, or Synovus Private Wealth customer, you can enroll in complimentary Financial Protection Services services through Carefull. Depending on the level of protection you have, Carefull will monitor your credit reports and notify you any time any changes are made. Carefull will also scan the web to make sure your personal information hasn't been compromised by checking websites, blogs, peer-to-peer networks. Carefull also offers full-service identity restoration if you become a victim of identity theft.
Learn more about how you can achieve peace of mind as a Synovus customer with Carefull.
Important disclosure information
This content is general in nature and does not constitute legal, tax, accounting, financial or investment advice. You are encouraged to consult with competent legal, tax, accounting, financial or investment professionals based on your specific circumstances. We do not make any warranties as to accuracy or completeness of this information, do not endorse any third-party companies, products, or services described here, and take no liability for your use of this information.
- PhishLabs, "2019 Phishing Trends and Intelligence Report," accessed March 27, 2020. Back
- Proofpoint, "State of the Phish," report published 2023; accessed February 5, 2024. Back
People are also reading
Do you have questions or ideas?
Share your thoughts about this article or suggest a topic for a new one