Learn to spot phishing scams


Suspicious message? Don’t take the bait.
 

Phishing attacks are phony communications designed to trick a person into giving a scammer sensitive or financial information, such as account usernames, passwords, credit card information and Social Security numbers.

Phishing attacks may appear to be from a legitimate business or trusted individual and can come in many forms – email, text message or phone call – so it’s imperative to understand the red flags associated with these malicious attempts.

Remember: If a message – whether it be email, text or phone – appears suspicious in anyway, don’t engage.

Here’s how to better protect your account from these different types of phishing scams:

Email phishing

Email phishing refers to fraudulent emails that typically appear to come from trusted individuals or legitimate businesses such as financial institutions, insurance companies or retailers and often include seemingly authentic logos, look-alike email sender domains, as well as links or graphics that look genuine.

Fraudsters engaging in email phishing may attempt to deceive you into downloading an attachment or clicking on a link within the message that will download malware onto your computer to illicitly obtain personal and financial information. These links may also redirect to legitimate portals, such as Microsoft Office, where they will ask you to enter your account credentials.

How to spot an email phishing scam:

  • Sense of urgency. Phony phishing messages try to ‘bait’ you with an urgent situation requiring you to take immediate action. Watch for clickable links to ‘update’ or ‘validate’ personal information. Additionally, be cautious of any emails that appear to use current news events (like a natural disaster or geopolitical tumult) to solicit donations.
  • Spelling or grammatical errors. It’s rare for a well-known company to have spelling and grammatical errors.
  • Suspicious links. Be wary of links in emails. It’s always safest to go directly to the company website and log in to your account.

An example of an email phishing scam

Email from Online Bank that uses a look-alike domain. Notice the urgent message, grammar and spelling mistakes, and suspicious link.

What to do if you suspect an email is a phishing scam

  • Do not click on any attachments or links in the email, or take any action requested within the message.
  • If the email is sent to a work account, follow their protocol for reporting phishing attempts.
  • If the email is sent to a personal account, delete it and follow up with the purported sender directly. For example, if the sender appears to be a company, visit the company’s website directly to check on your account activity.
  • Log in to accounts using 2-Step Verification when possible.

How to report email fraud or phishing to Ameriprise

If you suspect you’ve received a fraudulent email from someone posing as Ameriprise, please:

  • Forward it to us immediately at: anti.fraud@ampf.com.
  • Do not remove the original subject line or change the email in any way when forwarding.
  • Watch for an auto-generated reply to let you know we’ve received your email. If we confirm the email is fraudulent, we will take appropriate action immediately.
  • If you provided your account information to a request you suspect may have been fraudulent, call us immediately at 800.862.7919.

Text message phishing

Text message phishing – also known as “smishing” – refers to fraudulent messages sent via text or through other mobile-friendly communication platforms, such as Instagram direct messages, WhatsApp or your LinkedIn mailbox. Like email phishing, scammers conducting text phishing attacks aim to steal their victims’ personal and financial information.

How to spot text message phishing:

  • Fake email address. Most companies use a short code to send text alerts, not an email address. Emails may be from a look-alike domain and not a legitimate firm or company.
  • Suspicious links. The URL should include the company name and website domain (ameriprise.com, for example). Always be cautious of shortened URLs from services (bit.ly or tinyurl.com, for example).
  • Urgent or threatening message. Messages are written to try to ‘bait’ you with an urgent situation that requires you to take immediate action. If the text contains a threatening message, it’s probably a scam.

An example of a text message phishing scam

Text message from Online Bank that uses a look-alike domain. Notice the suspicious link and urgent message.

What to do if you suspect a text phishing scam

  • Be wary of links sent through text messages.
  • If the text message seems suspicious, do not respond.
  • Visit company websites directly to check on your account activity.

Voice call phishing

Voice call phishing (also known as “vishing”) is when a fraudster attempts to deceptively extract an individual’s personal or financial information through a phone call.

How to spot a voice call phishing scam:

  • Personal information requests. Ameriprise Financial, government agencies, and other bank and financial companies will not call you unexpectedly and ask you to provide personal information like passwords, account numbers, or Social Security numbers.
  • Remote access requests. Never give anyone remote access to your computer unless you have contacted them. Be wary of popups on your computer screen asking you to download software. Tech support from legitimate companies will not engage you this way.
  • ‘Local’ phone numbers. Phone numbers can be spoofed. Be cautious of unfamiliar phone numbers even if they appear to be local.
  • Sense of urgency. Like in the case of email or text phishing, vishing messages try to ‘bait’ you with an urgent situation requiring you to take immediate action.

An example of a voice call phishing scam transcribed

Phone call exchange between an individual and tech support scammer. Notice the scammer prompts the individual to click on a suspicious link, insert their password, and provide their credit card number.

What to do if you suspect a phone call is a phishing scam

  • Don’t answer. Let calls from unfamiliar numbers go to voicemail.
  • Block phone numbers on your mobile phone that call repeatedly for a fake business reason.
  • Be wary of links sent to you from the caller even if they seem like they are from a well-known company. Clicking links may allow the scammer to install spyware to your computer or device.

How to report fraud

If you suspect you’ve been a victim of one of these types of phishing scams, or have noticed unusual or unauthorized activity on your account, call us immediately and contact your Ameriprise financial advisor.

  • Call 800.862.7919 and request to speak to a representative.
  • Monday to Friday: 7 a.m. – 9 p.m. CT
  • Saturday to Sunday: 7 a.m. – 7 p.m. CT 

We’re committed to protecting your information

At Ameriprise Financial, we’re committed to protecting your online security. Our efforts are backed by our Online Security Guarantee, which covers 100% of the value of losses in your Ameriprise® account(s) due to unauthorized online activity, if we conclude that losses were incurred from your account through no fault of your own.

For more information about the steps you can take to help protect your account and personal information from the kinds of phishing scams listed above, review How you can protect yourself in the Ameriprise Financial Privacy, Security & Fraud Center.