How to Protect Yourself from Phishing (pronounced: fishing) Scams

By Bryan Bardwell, Oxford’s Security and Privacy Officer

Don’t get hooked by crooks! Our latest blog post outlines several ways to avoid online scams.

Even in the relative safety of our homes, the world can be a dangerous place. Scammers will attempt to trick you and steal your personal information through various means, such as deceptive phone calls, going through your trash, or with fake emails, just to name a few.

In the digital age, one of the most dubious online scams is known a “Phishing”. Thieves send an email to target victims, often to thousands of people at a time. On the surface, the email appears to be a legitimate contact attempt, but is really a fraudulent message. When links within the e-mail are clicked or an attachment is opened, it triggers computer scripts that automatically download a virus or malware onto your computer. These viruses can capture personal information, such as your User ID and Password logins, bank details, Social Security numbers and credit card account information.

Phishing is a huge threat to homes and businesses because of the vast amount of important information most users store on their computer(s). They may have different messages, but ALL Phishing scams will have some sort of urgency involved in the message, such as: If you do not confirm your User ID and Password by 4pm, we will be forced to lock you out of your computer.

How To Avoid Phishing Scams 

  1. Scan your e-mails carefully and look for grammar mistakes and other inconsistencies.
  2. Verify the email sender’s address to confirm it was sent from a legitimate source. Most phishing scams will try to fool you with similar email addresses, but the email domain name (e.g. Bob@xyzbank.com) should match the web address of a real company.
  3. In addition, secure websites that require a login will all begin with https:// – That “s” indicates the site is Secure. (For example, Gmail’s email server is https://mail.google.com/mail).  Always look for https:// if you’re asked to enter a User ID and Password to access a website.  Legitimate secure sites will include all banks, credit card companies, and other email providers (such as Outlook, Yahoo, and Hotmail), as well as shopping websites like Amazon, Target, Walmart, EBay etc.
  4. Email fraud can be the easiest of all thefts – by simply adding Click Here somewhere in the email text, many victims are enticed to click on the link, and are then directed to a website that is not legitimate. The fake website may have similar graphics or logos to a real company, and will ask for your User ID, Password or to verify personal details. If you comply, it could compromise your computer. But there is an easy way to see through this type of click-through scam: To view the web address behind a “Click Here” link, hover over the link with your mouse without clicking it. A small window will pop up with a URL, such as https://www.xyzbank.com, as shown below.
  5. If you suspect that an email is a phishing attempt, play it safe – DO NOT open any attachments or click any links.

Hover your pointer over a link to see the destination website address.

What to Look For

Here is an example of a Phishing email:

Example of a Phishing email

What are the RED flags in this Phishing email?

  • Look for inconsistencies in the From: – is it a legitimate email address?
  • Check for an attachment. It will appear under the Subject: DO NOT open if you are unsure of who is sending you this information. Be very careful of .zip file attachments in any email.
  • Hover over Click Here to see the website where the link will take you. If you see a number or “http:” instead of “https:”, DO NOT click links or go to the site.
  • Note that there is no personal sender information (name, address, phone, email) signature in the email.

Failure to notice these telltale signs could result in “Phishers” gaining access to your private account information or other personal data.

Other Resources

To help combat Identity Theft, the Internal Revenue Service offers “Seven Steps for Making Identity Protection Part of Your Routine”.

  1. Review your credit card and baking statements carefully and often. Neither your credit card, bank or the IRS will send you emails asking for sensitive personal and financial information, such as asking you for updates to your account.
  2. Review and respond to all notices and correspondence from the Internal Revenue Service.
  3. Review each of your three credit reports at least once a year. Visit annualcreditreport.com to get your free reports.
  4. Review your annual Social Security income statement for excessive income reported. You can sign up for an electronic account at SSA.gov
  5. Shred any documents with personal and financial information.
  6. Review your health insurance statements; look for claims you never filed or care you never received.
  7. If you receive any routine federal deposits such as Social Security of VA benefits, you probably receive those electronically. You can use the same direct deposit for your federal and state tax refund which is safe and secure.

TRICK OR TREAT? How to Know When You Are Being Scammed.

jackolanternsBy Pam Gennings, Executive Director Special Projects*

According to the National Council on Aging, financial scams targeting seniors are so prevalent these scams are now considered the “crime of the 21st century.”

Why target seniors? Many believe seniors have a lot of money sitting in their bank accounts; and unfortunately, financial scams often go unreported or can be difficult to prosecute. This is why financial scams are often considered a “low-risk crime.”

Scammers are out to make a quick buck and target wealthy and low-income seniors. It’s very sad, but family members perpetrate many financial scams.

To help protect you or a loved one from getting TRICKED, the National Council on Aging provides a list of the Top 10 Scams that Target Seniors.

Medicare/Health Insurance Fraud

In these types of scams, perpetrators may pose as a Medicare representative to get older people to give them personal information, or they will provide bogus services to elderly people at “makeshift” mobile clinics, then use the personal information they provide to bill Medicare and pocket the money.

Counterfeit Prescription Drugs

Counterfeit drug scams operate on the Internet where seniors go to find better prices for specialized medications. This scam is growing in popularity and has potential to cause physical harm. Besides paying money for something that will not help a person’s medical condition, victims may purchase and consume dangerous substances.

Funeral & Cemetery Scams

The FBI warns about two types of funeral and cemetery fraud perpetrated on seniors. In one approach, scammers read obituaries, call or attend the funeral service and take advantage of a grieving widow or widower by claiming the deceased has an outstanding debt with them. Scammers will try to extort money to settle fake debts.

Disreputable funeral homes will add unnecessary charges to a bill to capitalize on family members unfamiliar with the cost of funerals. One common scam is a funeral director will insist that a casket, usually one of the most expensive parts of a funeral service, is necessary when performing a direct cremation, which can be accomplished with a cardboard casket rather than an expensive display or burial casket.

Fraudulent Anti-Aging Products

Older Americans are seeking out new treatments and medications to maintain a youthful appearance, and scammers are ready to pounce. There is big money in the anti-aging business.

Telemarketing

The most common scheme is when scammers use fake telemarketing calls to prey on older people, who as a group makes twice as many purchases over the phone than the national average. With no face-to-face interaction, and no paper trail, these scams are hard to trace.

The pigeon drop: a con artist tells an individual a large sum of money has been found and he/she will split it if the person will make a “good faith” payment by withdrawing funds. Often a second con artist is involved posing as a lawyer, banker or some other trustworthy stranger.
The fake accident policy: the con artist gets the victim to wire or send money on the pretext that the person’s child or another relative is in the hospital and needs money.
Charity scams: money is solicited for fake charities. This scam often occurs after natural disasters.

Internet Fraud

While using the Internet is a great skill at any age, the slower speed of adoption among some older people makes them easy targets for automated Internet scams. In this scam, seniors receive email messages, which appear to be from a legitimate company or institution, asking them to “update” or “verify” their personal information.

Investment Schemes

A number of investment schemes are targeted at seniors looking to safeguard their cash for their later years. Investment schemes like Bernie Madoff’s pyramid scheme have long been a successful way to take advantage of older people.

Homeowner/Reverse Mortgage Scams

Scammers like to take advantage of the fact that many seniors own their homes. The reverse mortgage scam has increased in recent years. There are legitimate secured reverse mortgage companies; however, unsecured reverse mortgages can lead property owners to lose their homes. It is important to do your homework!

Sweepstakes & Lottery Scams

We hear about these all of the time. A scammer informs someone that he/she has won a lottery or sweepstakes and needs to make some sort of payment to unlock the supposed prize. Scammers will often send a “prize” check that the senior takes to the bank for deposit. The scammer knows the deposit will show up immediately, but it will take a few days before the check is discovered as a fake. While the check is clearing, the scammer will collect money for supposed taxes and fees. The scammer pockets this money while the victim’s “prize money” is removed from his/her account as soon as the check bounces.

The Grandparent Scam

The scammer will place a call to an older adult and when the “mark” picks up the scammer will say something along the lines of: “Hi Grandma, do you know who this is?” When the unsuspecting grandparent guesses the name of the grandchild, the scammer has established a fake identity. The “fake” grandchild will usually ask for money to solve unexpected financial problems.


If you suspect you have been the victim of a scam, don’t be afraid or embarrassed to tell someone you trust. You can turn to the police, go to your bank if money has been taken from your account or seek help from adult protective services. In Missouri the adult protective service toll free number is 1-800-392-0210. To find the adult protective service contact information in other states, call the Eldercare Locator, a government sponsored resource line, at 1-800-677-1116 or at www.eldercare.gov.

*Pam Gennings has a Bachelor’s of Arts and has worked in the field of Geriatric Social Work and Care Coordination for more than 30 years. She started working for Oxford HealthCare in 1993. During the course of her career she has helped thousands of people find resources to remain in their homes as well as provided guidance to families that were facing difficulties with their aging loved ones.