What is phishing?
Phishing attacks are fraudulent communications pretending to be a person or institution you trust to access your personal information. Cyber criminals are constantly trying to access private data through emails, text messages, and phone calls. These communications may appear legitimate, but they can be filled with malicious links, attachments, and other deceptive methods designed to steal your information.
You may be familiar with the term “phishing," which specifically refers to email scams. But there are more locations and tactics being used by criminals than ever, including:
- Smishing: Text messages claiming to be a business you trust that usually contain a fraudulent link
- Vishing: Phone calls that attempt to trick you into providing sensitive information, or giving access to your computer, by claiming to be a representative from a company you do business with
Tips to identify phishing and other fraud attempts
Be on the lookout for these common tactics used by scammers.
Be wary of unexpected communications
Avoid opening links or attachments in an email or text message you are not expecting. Don't answer the phone unless you recognize the phone number and are expecting the call (it’s easy for fraudsters and cyber criminals to "spoof" a phone number, and make it appear as though they're calling from a reputable organization).
Reputable businesses will not contact you to request your personal information
Fraudulent emails, text messages, and phone calls will often contain a request for personal information to obtain access to your financial assets, identity, and/or personal computer.
Verify the sender – looks can be deceiving
Sometimes, it's tricky to tell when an email, text, or phone call is legitimate, or just looks or sounds like an authentic communication. With the prevalence of artificial intelligence, it’s easy and quick for cyber criminals to craft messages with perfect spelling and grammar.
Make sure the company that is represented is one you trust, and that you’re expecting the communication.
Don't let your emotions get the best of you
If the email, text message, or phone call sounds too good to be true, it likely is. If it's attempting to play on your fear or emotions, e.g., provoking a strong sense of loss if you "don't act now", that should be a red flag.
Common types of scams
Many times, these scam attempts follow a certain playbook. Here are a few of the most common types of fraud that you may encounter.
- Grandparents scam: Scammers call or email posing as a grandchild/family member in distress who needs money (usually via gift card or cash) immediately.
- Romance scam: Criminals using dating websites, apps, or social media to build rapport and trust—and then start asking for money.
- Lottery/inheritance scams: Fraudsters send fake letters or emails telling people they must pay an up-front fee to claim the prize
- Imposter scams: A criminal calls pretending to be from Fidelity Investments or another reputable service provider, and requests you send them back a one-time passcode that the criminal has generated through fraudulent web activity, such as attempting to reset your password.
- Remote access scams: A criminal will call and claim to be from a well-known company. They’ll request access to your computer, and, if granted access, they’ll try to make you believe that you have a serious problem like a malicious software infection that you’ll have to pay them to fix. Or they may use this access to your computer to login to various accounts you have with different providers, using your stored browser passwords.
Where to report suspicious activity to Fidelity
If you receive communication that you believe is attempting to impersonate Fidelity, please email phishing@fidelity.com with:
- The suspected email as an attachment
- Your full name, email address, and phone number associated with your accounts. Do not include any account number, username, or password.
- Your yes-or-no answers to the following questions:
- Did you open any links or images within the suspected email?
- Did you enter or submit your login credentials?
Our security experts will investigate to determine if it's a fake. If it is, we'll get the source of the email and any fake websites shut down as quickly as possible. Reporting these emails helps you protect yourself - and everyone else, too.
If you are concerned your account may have been compromised, or you'd like to report some other type of security concern, please report it immediately, and call us at 800-544-6666.