How to Avoid Holiday Scams and Keep Your Remitly Account Safe

Avoid Holiday Scams

At Remitly, we work around the clock to ensure we exceed customer expectations around security and service. Here are a few helpful tips to keep your Remitly account and other accounts safe during the holiday season, which can be a popular time for fraudulent activity as fraudsters take advantage of the influx in online shopping. Read on to learn how to safeguard your personal and financial information.

What is phishing?

Phishing is a common tactic fraudsters use online. A phishing scam is when someone attempts to pose as a legitimate company or representative of a company to obtain personal information such as usernames, passwords, and bank account details for malicious or fraudulent purposes.

Overall, phishing attacks are the most common type of cybercrime. In 2022 alone, Microsoft detected more than 40 million phishing campaigns. Approximately 85% of companies worldwide were impacted by attempted phishing attacks that year as well.

How do phishing scams work?

With phishing attacks, there’s no need for scammers to hack into computers or for identity thieves to purchase information. The criminals simply pose as legitimate companies and organizations and fool their victims into willingly offering their personally identifiable information.

Basically, phishing scams trick users into providing personal or financial information. By posing as legitimate companies, they get unsuspecting people to share sensitive data.

Phishing attacks can take many forms, including all of the following.

Phishing emails

Phishing emails are one of the most common forms of phishing scams. With these phishing campaigns, fraudsters send out thousands of email messages pretending to be trustworthy organizations and businesses.

Common phishing emails get people to share sensitive data in one of two ways:

Malicious link phishing emails

Phishing emails may include a malicious link to a website. When you click on it, you get directed to a fake website that resembles a real one.

The idea is to get the victim to enter their login credentials. Once the scammers have this login information, they can then access their confidential information.

Attachment phishing emails

With an attachment phishing email, scammers tell the victim they have attached an important document to their message. Often, it is a phony invoice.

When the person downloads the attachment, they unknowingly install malware on their computers. Once this malicious software is in place, scammers can access a wealth of sensitive information stored on a computer or mobile device.

SMS phishing

Also referred to as SMIshing and text message phishing, SMS phishing is the term for phishing attacks that originate through SMS text messages on a cell phone or other mobile device.

SMIshing messages use the same techniques as phishing emails, providing links to fake websites or attachments that contain malware.

Social media posts and messages

Social media has given scammers another way to carry out phishing attacks. They may set up fake social media profiles and try to attract followers. Once they do, they make posts that direct people to compromised websites and then try to trick them into sharing login credentials.

Another tactic is to leave a comment on a social media post that contains a link to a fake website.

In some cases, phishing attacks may also originate through social media private messaging, with scammers using the same tactics they do when text messaging and emailing victims.

Spear phishing

Spear phishing attacks are targeted phishing attacks. Unlike general phishing campaigns that go out to a large group of people, spear phishing involves a particular individual, such as someone who has administrator access to a company’s computer systems or a key decision-maker at a company.

The ultimate goal of spear phishing attacks is the same as those of other phishing emails and text messages, but the content of the messages tends to be much more personalized.

Scammers will take time researching the victim when planning the spear phishing attack. They will often pose as a vendor or a company that the victim engages with regularly to make their spear phishing attempt as convincing as possible.

Voice phishing

Voice phishing or vishing is when scammers target victims through phone calls rather than fraudulent emails or text messages. When the victim answers, the scammer claims to represent a company or organization and requests personal details about them by phone. To make the calls more convincing, they may even use technology that changes their phone number to a legitimate-looking one on caller ID.

How to Avoid Holiday Scams : A man looks at his cellphone

What are some common phishing scams?

Scammers can try to trick you into visiting phony web pages, disclosing your personal details, or downloading malware in a number of ways. The following are some of the most common types of phishing attacks.

Personal contact scams

With this scheme, the scammer sends a phishing email or message posing as a person’s friend, family member, or business contact. Often used for spear phishing attempts, the scam relies on the trust between two people to get them to download attachments or visit a fake website.

Package delivery scams

Package delivery phishing is when scammers pose as the postal service or a shipping carrier. They send spoof emails and text messages saying that there is a problem with a shipment. These messages may ask for payment information to cover shipping costs or other personal details or the victim’s address or social security number to verify your identity.

Government agency impersonation

Scammers can also capitalize on the fear that people have of certain government agencies. For example, they may send phishing emails claiming to be the IRS and demanding that the victim make an online payment to avoid an audit or tax penalties.

Another approach is to pose as law enforcement and ask someone for their credit card number or bank account number to pay for a fine. If the person refuses, they may create a sense of urgency by threatening them or a loved one with jail time.

Financial institution and business scams

Another approach to phishing involves posing as a reputable company. Scammers may send phishing emails to people claiming to be financial institutions like banks or credit card companies.

In this phishing email, they may say there is a problem with their account, such as a suspicious transaction. The phishing email will instruct the person to log in to their account to provide or verify information.

Scammers may also impersonate utility companies and e-commerce stores, employing similar tactics.

Charity scams

Charity phishing fraud is particularly insidious as it preys on people who believe they are helping a worthy cause. With these phishing emails and text messages, scammers pretend to be a nonprofit organization and ask for people’s financial information to process donations.

What information are scammers searching for with phishing scams?

Scammers may have different goals in mind when they launch phishing schemes. However, they’re all after sensitive information, which may include:

  • Credit card numbers, expiration dates, and security codes
  • Bank account routing and account numbers
  • Social security numbers
  • Driver’s license and personal identification numbers
  • Login information like usernames and passwords
  • Other identifying information like addresses and phone numbers

What can happen if you’re the victim of a phishing attack?

The consequences of a successful phishing attack can be severe. Let’s explore some of the biggest risks of phishing.

Identity theft

By providing sensitive data to scammers, you can become a victim of identity theft. A person may use your personal and financial information to open credit card accounts, take out loans, rack up medical debt, and more.

Fraudulent transactions

If a scammer gains your login credentials or payment information, they can often conduct transactions. They may make purchases and charge your debit or credit card or transfer or wire money to themselves.

Ransomware attacks

With ransomware attacks, scammers take control of computers or mobile devices. When this happens, the victim cannot use their device, and their sensitive data becomes vulnerable. Usually, scammers say that they will relinquish control in exchange for payment.

How to Avoid Holiday Scams

How to spot phishing attempts

While there’s no way to prevent phishing, you do have control over whether you become a victim. By spotting phishing emails and text messages, you can avoid becoming a victim. Some telltale signs of suspicious emails and texts include:

  • Typos and grammatical errors
  • Logos that don’t match the official website
  • Website links that are a series of random letters and numbers
  • Incorrect information like your name not being the same as what’s actually on your account
  • Email addresses and phone numbers that don’t match those of the organization

Top phishing prevention techniques

In addition to being on the lookout for suspicious emails and texts, there are other anti-phishing strategies that you can employ. To help prevent phishing, follow these tips.

Avoid clicking suspicious links

Anytime you’re unsure about an email, avoid clicking links or downloading attachments. Simply receiving a phishing email or text message isn’t enough to compromise your sensitive information, so just not clicking can keep you safe.

Contact customer service directly

If you’re in doubt about the authenticity of any email, contact the supposed sender directly. Conduct an Internet search or look at a bill or statement to find the organization’s real contact information. Then, call to confirm the message you received.

Update your antivirus software regularly

Antivirus software can help defend your computer from phishing and other attacks. Ensure you have one installed on your system and update it as frequently as recommended. Keeping your cell phone and computer operating systems up to date can help, too.

Use your spam filters

Spam filters in your email can redirect suspicious emails from your inbox, making you less likely to click on them. When a spam message slips through the cracks, flag it as spam to help your email client service learn what to look for. Doing so can reduce the number of phishing emails that get past your spam filters.

Change your passwords regularly

A website or business email compromise can expose your username and password, making you more vulnerable to phishing scammers. Changing your passwords regularly and using unique passwords for all of the websites you use can help protect your personal information.

Use multi-factor authentication

Multi-factor authentication is when you need to do more than one thing to access an account online or through mobile devices. For example, you may need to enter a code that you receive via email or text message after you provide your username and password.

Opt into multi-factor authentication whenever it’s available to you. Doing so puts an extra barrier between your information and phishing scammers.

Train your employees

If you own a small business, teach your employees how to spot suspicious emails and text messages. Ongoing training can help protect your business from those who seek to steal money or take over your system.

How to Avoid Holiday Scams

Who do you report phishing scams to?

When you receive suspicious texts and emails, reporting the issue may lead to the apprehension of those individuals trying to trick people into sending money or sharing their personal data. The following are some organizations that you can report phishing to.

Government agencies

Most countries have agencies that protect consumers from cyber crimes and accept reports about phishing and other online scam attempts. In the U.S., the agency is the Federal Trade Commission or FTC. You can file an FTC fraud complaint by clicking here.

Industry groups

Some industry groups concerned with anti-phishing protections also accept reports. The Anti-Phishing Working Group is the most well-known example. Filing a report with the group is as simple as forwarding your suspicious email to reportphishing@apwg.org.

Businesses being impersonated

Although not required, you can let financial institutions, charities, and businesses know when scammers are sending emails or texts posing as their representatives. You can also notify family members, friends, and business contacts if someone is impersonating them.

E-mail and Internet services

Your e-mail and/or Internet Service Provider (ISP) may also accept phishing reports. Follow the links provided for directions on how to report phony emails through Gmail and Microsoft Outlook.

Local law enforcement

If you lose money due to phishing, you can file a police report with local law enforcement. Usually, you will need to visit your closest police station to start the process.

How do I protect my Remitly account from a phishing attack?

For your safety and security, Remitly will never ask you to change your bank account details. Any changes to bank details can only be initiated by you (our customers). You can safely share documents or personal account information by logging in to the Remitly app or website by following these easy steps:

  1. Log in to your Remitly account.
  2. Once logged in, you will receive an alert at the top of your screen in red.
  3. Click on the alert to receive instructions, then follow those instructions to upload your documents securely. 

For more information on how to keep your account safe and secure, please visit our Security page on our website here.