I’ve blogged a lot about protecting yourself when receiving an email with suspicious origins and content. Today I received a very useful email from Quicken that I wanted to share with you to build awareness about scams to steal your identity online:
Your security and privacy are important to us. We want to remind you of an increasingly common form of cyber-attack — phishing. Phishing attacks are widespread in our industry and we do not want you to be victimized.
Phishing is the fraudulent practice of sending emails that appear to be from a reputable company with the goal of getting you to share sensitive information. Often, the targeted information includes login credentials, credit card information, bank account details, or other personal information.
You may be less familiar with spear-phishing, which is a highly targeted form of phishing. Unlike a general phishing attack that casts a very wide net (sending generic, mass emails), a spear-phishing attack is personalized with specific details about the message’s recipient.
Spear-phishing attackers may gather personal information from your social media accounts or the dark web to create messages that appear to come from trusted sources—like companies or even individuals that you know. They use these personal details to trick you into taking an action that could cause you to share even more personal information. Most frequently, the attacker suggests clicking a link or downloading software that contains malware or spyware which could compromise your personal and account information, potentially including financial and banking accounts.
Here are some tips to check if a Quicken email or text is legitimate
- Hover over the “from” address to see the full email address and make sure it is one you recognize and trust. Look for domain names that are slightly different or misspelled. For example, an attacker might send emails from domains like quicken.ml, quickenfinance.com, or possibly a slight misspelling like quickn.com. Our email and web links will always be from the “quicken.com“ or “simplifimoney.com“domains.
- Our official support contact information is at quicken.com/support. If you get a call that you feel is suspect, offer to call them back at our support number found at quicken.com/support (650-250-1900).
- We will never ask you to send sensitive information such as passwords, bank account information, social security numbers, date of birth, or medical information in an email, chat session, or support call.
- We will never ask you to type your username or passwords into any website, outside of the “quicken.com“ or “simplifimoney.com“websites, web apps, or within the Quicken software or Simplifi app.
More ways to stay safe
- Do not click on links or attachments in emails or text messages from senders that you do not recognize. If you hover over a link in an email, you will be able to see the location where the link will take you. Often, a link is suspect if it is long, confusing, contains typos, or mentions domains you do not recognize.
- Be especially wary of attachments like .zip or .pdf and particularly of executable file types (like those that end in .EXE). If you do not know the sender personally, you should never download or click these attachments.
- Do not provide sensitive personal information (like usernames and passwords) over email.
- Do not fall for messages that claim to be “urgent” or “time-sensitive”. Often, scammers will try to scare you into sharing your personal information. Always take time to verify the identity of the requester and remember that Quicken and other reputable businesses will not ask you to provide sensitive information over email or over the phone.
- Pay attention to even seemingly harmless requests. A common ploy scammers use is emailing you a link to do something like change your account password. The link, in reality, will download malware or spyware.
- Do not open any document that you’re not expecting to receive.
- If you can’t tell if an email or text is legitimate, err on the side of caution and delete it. You can always call the business directly with any questions or concerns.
To learn more about phishing and keeping yourself safe:
- How to Recognize and Avoid Phishing Scams (Federal Trade Commission)
- Protect yourself from Phishing (Microsoft)
- Scams & Fraud: Phishing (AARP)
Your security is important to us. If you ever have any questions, please call us at 650-250-1900.
Pehr Lawson, VP Customer Care or The Quicken Team