Email phishing refers to fraudulent emails that typically appear to come from trusted individuals or legitimate businesses such as financial institutions, insurance companies or retailers and often include seemingly authentic logos, look-alike email sender domains, as well as links or graphics that look genuine.
Fraudsters engaging in email phishing may attempt to deceive you into downloading an attachment or clicking on a link within the message that will download malware onto your computer to illicitly obtain personal and financial information. These links may also redirect to legitimate portals, such as Microsoft Office, where they will ask you to enter your account credentials.
What to watch for:
- Sense of urgency. Phony phishing messages try to ‘bait’ you with an urgent situation requiring you to take immediate action. Watch for clickable links to ‘update’ or ‘validate’ personal information. Additionally, be cautious of any emails that appear to use current news events (like a natural disaster or geopolitical tumult) to solicit donations.
- Spelling or grammatical errors. It’s rare for a well-known company to have spelling and grammatical errors.
- Suspicious links. Be wary of links in emails. It’s always safest to go directly to the company website and log in to your account.
What to do if you suspect an email is a phishing scam
- Do not click on any attachments or links in the email, or take any action requested within the message.
- If the email is sent to a work account, follow their protocol for reporting phishing attempts.
- If the email is sent to a personal account, delete it and follow up with the purported sender directly. For example, if the sender appears to be a company, visit the company’s website directly to check on your account activity.
- Log in to accounts using 2-Step Verification when possible.
How to report email fraud or phishing to Ameriprise
If you suspect you’ve received a fraudulent email from someone posing as Ameriprise, please:
- Forward it to us immediately at: firstname.lastname@example.org.
- Do not remove the original subject line or change the email in any way when forwarding.
- Watch for an auto-generated reply to let you know we’ve received your email. If we confirm the email is fraudulent, we will take appropriate action immediately.
- If you provided your account information to a request you suspect may have been fraudulent, call us immediately at 800.862.7919.
Text message phishing
Text message phishing – also known as “smishing” – refers to fraudulent messages sent via text or through other mobile-friendly communication platforms, such as Instagram direct messages, WhatsApp or your LinkedIn mailbox. Like email phishing, scammers conducting text phishing attacks aim to steal their victims’ personal and financial information.
What to watch for:
- Fake email address. Most companies use a short code to send text alerts, not an email address. Emails may be from a look-alike domain and not a legitimate firm or company.
- Suspicious links. The URL should include the company name and website domain (ameriprise.com, for example). Always be cautious of shortened URLs from services (bit.ly or tinyurl.com, for example).
- Urgent or threatening message. Messages are written to try to ‘bait’ you with an urgent situation that requires you to take immediate action. If the text contains a threatening message, it’s probably a scam.
What to do if you suspect a text phishing scam
- Be wary of links sent through text messages.
- If the text message seems suspicious, do not respond.
- Visit company websites directly to check on your account activity.
Voice call phishing
Voice call phishing (also known as “vishing”) is when a fraudster attempts to deceptively extract an individual’s personal or financial information through a phone call.
What to watch for:
- Personal information requests. Ameriprise Financial, government agencies, and other bank and financial companies will not call you unexpectedly and ask you to provide personal information like passwords, account numbers, or Social Security numbers.
- Remote access requests. Never give anyone remote access to your computer unless you have contacted them. Be wary of popups on your computer screen asking you to download software. Tech support from legitimate companies will not engage you this way.
- ‘Local’ phone numbers. Phone numbers can be spoofed. Be cautious of unfamiliar phone numbers even if they appear to be local.
- Sense of urgency. Like in the case of email or text phishing, vishing messages try to ‘bait’ you with an urgent situation requiring you to take immediate action.
What to do if you suspect a phone call is a phishing scam
- Don’t answer. Let calls from unfamiliar numbers go to voicemail.
- Block phone numbers on your mobile phone that call repeatedly for a fake business reason.
- Be wary of links sent to you from the caller even if they seem like they are from a well-known company. Clicking links may allow the scammer to install spyware to your computer or device.