Phishing Scams
Now that phishing scams are part of everyday life, it is important that you know how to spot one and avoid becoming a victim.
Overview of Phishing Scams
Phishing scams are just another attempt to get valuable information. Scammers send a mass email to every address they can find. Typically, the message will appear to come from a bank or financial institution. The email states that you should update your information for one reason or another, and they usually provide a link that you can click to do so.
This all sounds reasonable and it may look legitimate, but phishing scams are anything but legitimate. The link provided does not take you to the financial institution’s website. Instead, you would be submitting your information to a fraudulent website run by the scammers.
Why Scammers Use Phishing Scams
Why would somebody do this? Well, one can gather a lot of critical information with a phishing scam. First, the scammer can get somebody’s account number and password, after which they can try to hijack the victim’s assets. Some phishing scams ask for all personal information (SSN, mother’s maiden name, date of birth, etc.) so that the scammers can steal the identity and open credit accounts in the name of the victim. Some victims of phishing scams have given up their credit card numbers only to find that the card was used fraudulently.
Why People Fall for Phishing Scams
Anybody can be tricked by a sophisticated phishing scam. Simple phishing scams are easy to spot, but the best scammers are actually pretty smart. They use a variety of tricks to make the phishing scam look like a legitimate process. For example, they might use a graphic or logo from the bank right on the email message or website. Or, the link provided in the email may look like it goes to the bank’s website when the victim is actually sent to a very different site.
How to Spot Phishing Scams
It is often very easy to uncover a crude phishing scam. For example, don’t click on any link or provide any personal information if you get an email from a bank at which you have never opened an account.
Now, if you receive an email that purportedly originates from an institution with which you actually do or did have an account, the content of the email may warrant further scrutiny in order to determine if it may be a phishing scam. For example, are words misspelled? Sometimes, scammers operate in a second language and they give themselves away by using poor grammar.
You should also examine the link provided. Does it really go where it appears to go? A scammer may tell you that they are giving you access to the government’s Top Secret Database at https://www.TopSecretDatabase.gov, but you are routed to a different site once you click on the provided link.
The best way to avoid becoming a phishing scam victim is to use your best judgment. No reasonable financial institution will email you and ask you to input all of your sensitive information. In fact, most institutions are informing customers “We will never ask you for your personal information via phone or email.” Note: For the record, Los Angeles National Bank will never request personal account and password information via email or telephone.
Advice for Victims of Phishing Scams
If you fall victim to a phishing scam, you must be extra vigilant about your credit and bank account information. First, contact your financial institution to advise them of the incident, as they will likely want to pursue the scammer and/or monitor your account more closely. Next, put a fraud alert on your credit report by contacting one of the major credit agencies. Finally, you should keep a close eye on your mail and your credit and bank accounts. If statements stop showing up or if you see unusual activity, call your bank or credit provider immediately.
How You Can Prevent Phishing Scams
If you receive a suspicious email, report it. You can forward the suspicious item to the US Federal Trade Commission at spam@uce.gov or you can click the “Report as Junk” (or similar) button on your email program.
Vishing Scams
When you are online and somebody asks you to “update your account information,” you probably don’t even think twice. It’s a scam 99% of the time. But what if you get a phone call? Do you assume those are fake as well?
High-Tech Scheme, Low-Tech Tool
Scammers are increasingly using a low-tech tool – the telephone – to perpetrate scams. They can set up a system to automatically dial a long list of phone numbers and then program the recorded message to solicit for account information. Often, the scammers mask the number that shows up on caller ID to make the incoming call look legitimate.
Vishing
This form of fishing for valuable information is called “vishing,” which is a variation of the term “phishing” – the “v” stands for voice. We can sometimes be less guarded when a phishing attack comes through the phone lines.
Don’t Get Snagged
To protect yourself from vishing, use some of the same techniques you would use to avoid phishing scams. Don’t give information to anybody unless you are certain you know with whom you are dealing. If you get a phone call regarding one of your accounts, hang up and call the institution. Dial the number that appears on the back of your credit card or on your statement to ensure that you have contacted the correct company before allowing them to provide you with assistance on your account.
Spear Phishing
Most people have heard about phishing – the practice of using fraudulent emails to gain access to personal information for the purpose of identity theft.
The term phishing was coined because of the way that criminals try to gain access to personal information; basically, they cast out a bunch of bait in the form of fraudulent emails and wait to see who bites. But like any activity, an occasional update in the process is needed. Spear phishing is more targeted.
Whereas criminals might send a single, mass email to a couple of hundred thousand people in a phishing attack, spear phishing attacks are customized and sent to a single person at a time. Just as a fisherman would use a spear to target a single fish, spear phishing targets individuals.
The spear phishing email usually contains personal information such as a name or some tidbit about employment. These emails are also unique, rather than being the mass “your bank account has been compromised” type emails that are more common in phishing.
How it Works
A spear phishing email usually includes a link that leads to a spoofed, or fake, website that requests personal information. It all looks very legitimate, and sometimes even the experts are fooled by spear phishing emails. When the recipient of the message clicks through the link they are taken to a page on the Web that looks so legitimate it can be hard for even seasoned security professionals to tell it’s a setup.
Other spear phishing emails may contain a downloadable file. They’re just as convincing, often appearing to come from an employer or someone else that’s equally legitimate. But the file contains malware of some kind that, once downloaded to your computer, collects your personal information and transmits it to the criminal when you’re online.
Spear phishing is a difficult scam to catch because the criminals that use this method of stealing identities put extra time and effort into the process. It requires research to gain access to enough information to make you believe the spear phishing email is real, plus it takes time to put together the web sites and messages that are used as bait. The pay-off, however, is usually much greater than the rewards of a simple phishing attack.
So How Do You Protect Yourself?
There is no guarantee that you can protect yourself from a spear phishing attack. The criminals that use this method are intent on gaining access to your identity, and they’re willing to put in the hard work needed to reach a pay-off. And that means that spear phishing emails are very difficult to differentiate from any other email that you receive.
At this time, spear phishing attacks seem to be aimed at mostly corporate targets.
As criminals become more adept at spear phishing attacks, their targets will widen and individuals will fall into the target zone. Once individuals are targeted, it is most likely that attacks will be limited to the upper or upper middle class, as these groups of people typically possess the resources being sought by the spear phishers.
For a criminal to be willing to put forth the effort needed to successfully use a spear phishing campaign, the draw has to be big – far more than the $31,000 average for most identity theft cases. If one does not fall into this upper or upper middle class category, the chance of becoming a victim of spear phishing is small.
Of course, all of the standard cautions apply: Never open attachments from strangers; never click through a link in an email; and never assume that an email is safe just because you know the address from which it originated. In this day, identity theft runs rampant and criminals will use any email address to which they can gain access.
Also, never open an attachment, even from friends, colleagues, or co-workers, unless you’re expecting it. An email with an attachment that arrives unexpectedly could certainly contain malware, even if it’s not spear phishing malware. Simply requesting that your friends and co-workers notify you before they send an attachment will reduce your risk of becoming an identity theft victim.
SMiShing Scams
SmiShing scams are similar to phishing scams. You get a message from a bank or service provider asking you to do something. However, the SmiShing message is really from a scam artist. While most people are familiar with email phishing scams, they’re less skeptical when receiving SmiShing messages.
How SmiShing Works
SmiShing scams often direct you to visit a website or call a phone number. If you dial the number, you’ll be asked for sensitive information like a credit card number. If you visit the website, it may attempt to infect your computer with malware.
Scammers continually get more and more creative. Most consumers are savvy enough not to fall for the usual “we need your bank account password” email. However, a text message seems less threatening.
Instead of just trying to get money from you, like in cashier’s check scams, SmiShing schemes often just try to get information such as credit card numbers. Then they use the information to conduct fraudulent transactions or sell the information to others.
What You Need to Know About SmiShing
If you get a suspicious message, don’t fall for it! Do not open any attachment or click on any link. Rather, initiate a telephone call to the bank or company involved using a telephone number that you know to be real, such as from the bank’s website or from the back of your monthly account statement. If you get a message about some “service” you signed up for and will have to cancel, search the Internet for other reports of the same message to ascertain if it has already been reported as being fraudulent.