Who’s in my DMs? How to spot a suspicious message


Got a suspicious-looking message? It may be a phishing scam. These best practices can help you protect your personal info.

Cyber thieves are becoming more sophisticated, making it harder to tell whether a message was sent to you as bait. And the number of phishing cases reported continues to rise each year—experts estimate that 3.4 billion phishing emails are sent each day (Disclosure 1). Luckily, there are ways you can protect yourself so you can confidently scroll and swipe through the digital world.

What is “phishing?” (Hint: It doesn’t involve waking up super early.)

Phishing is when someone poses as a person, brand, or company you trust to access your personal data, such as passwords, Social Security numbers, birthdates, credit cards, or bank accounts. Scammers will take different approaches to try to get your info—it can start with an email asking you to reset your password, claiming your account was compromised, or a friend request from a fake profile made to look like someone from your circle of family and friends. Once they have your info, they may use it to try to make purchases, transfer funds from your accounts, or open new accounts using your identity.

While phishing scams continue to evolve, cybercriminals often use the same types of ploys to lure potential victims. 

Emails, texts, and DMs, oh my! 4 common types of phishing attacks

With so much of our life online—and an estimated $17,700 lost every minute due to phishing attacks (Disclosure 2)—it can pay to know how to avoid phishing.

“It’s happening more frequently than people believe. But many individuals and companies don’t think it can happen to them,” says IT solutions consultant and Azureaus Technologies CEO Reginald Brown.

Brown has been in the business of protecting organizations since 2001. He says one thing his experience has taught him is the importance of staying informed.

“Companies and people need to educate themselves on what to look for when it comes to phishing attacks,” he says. “There are lots of resources out there, but you must take the time to learn about the different types of attacks. Five minutes of research can save you tons of money.”

The more you know, the easier it is to identify potential risks—and the more confident you can feel online. Pop-ups claiming you have a virus and robocalls are only the beginning—watch out for these other four types of phishing attacks:

  • Social media phishing: You know that random guy who followed you on Instagram? There’s a chance it could be a fake profile set up to target you and others in your friend circle. When you dig into their profiles, social media phishing accounts often show minimal traffic and lack authentic content and engagement. Cyber thieves often pose as a relative or what appears to be a friend of a friend.
  • Email phishing: Scammers have gotten really good at creating emails that look official, posing as your bank or a retailer you shop with. They’ll claim that you need to reset your password or update your payment information, often making the matter out to be urgent. Their goal is to trick you into handing over your account information or clicking a link that contains malware. If you’re ever unsure if an email is legit, it’s important to reach out to the company that supposedly sent it to confirm.
  • Smishing: Similar to the types of messages you may receive from email or social media phishing, scammers who are able to obtain your number may also send text messages that contain harmful links or urgently request sensitive information. (Keep in mind, most financial institutions, Truist included, will never ask for your personal data via text, email, social media, or phone call.)
  • Spear phishing: A targeted scam that zeros in on people or companies with status or wealth. Typical targets include the elderly, organizations, and employees who have access to money or sensitive account information. In one common example, you may get an email at work that appears to be from one of your executives, requesting a company credit card or transfer of funds for an urgent business matter. 

Think you’re being phished? 5 steps to take

Falling victim to a phishing scam isn’t fun, but here are five steps you can take to protect yourself if it happens.

  1. Change your passwords for all your important accounts. (Here are some tips for creating strong passwords.)
  2. File a report with your credit or banking institutions. (They may also have an internal fraud investigation team that can provide an additional layer of support.)
  3. File a report with the Federal Trade Commission at ftc.gov/complaint.
  4. If someone is targeting you with a fake profile, report the profile on the site or app and inform family and friends so they know to watch out.
  5. Report phishing email cases to the Anti-Phishing Working Group at reportphishing@apwg.org. Phishing text messages should be forwarded to SPAM (7726).

If you’re a Truist client, you should call 844-4TRUIST (844-487-8478) if you think you’re a victim of fraud or think you’ve received fraudulent contact from someone impersonating Truist. You should also forward any suspicious emails to EmailAbuse@Truist.com. Visit Truist’s Fraud and Security center for additional instructions on what to do if you’ve been targeted.

What can I do today for more peace of mind?

Your best line of defense against cybercriminals is to arm yourself with knowledge (which you’re doing now) and be proactive. Consider the following:

  • Trust your instincts: Accept friend requests with care—and don’t click suspicious links, answer emails from senders you don’t know, download unsolicited attachments, or give out your personal info via email or an unsecured site.
  • Secure your network: You can install firewalls, virtual private networks (VPNs), two-step authentication systems, and data security platforms that can help prevent potential attacks.
  • Update passwords and browsing software: Rotate passwords frequently to help prevent breaches. Also, update your browser when prompted—older versions could have security risks.

Following these strategies can help guard your sensitive information from online threats. Hopefully, doing so will give you a confidence boost while browsing.
