Don’t Know The Difference Between Phishing, Vishing, and Smishing?
No, there really isn’t a bank account containing a gazillion dollars waiting for you to claim it. Nor is your computer suddenly urgently in need of tech support. And the charity asking to you to help provide sunglasses for cats isn’t a real thing.
Unfortunately, cyber-enabled fraud continues to be on the rise. According to the Federal Trade Commission, the number of identity theft cases more than doubled in 2020 from the prior year.1 Many of the latest scams revolve around “social engineering” — using a false pretense to convince individuals to share personal information. The information may seem rather innocuous, and a victim might think there’s no harm in sharing it, but it could be deviously deployed later to initiate an attack. Requests for this type of information, regardless of how seemingly urgent, charming, or threatening the circumstances outlined by the fraudster, should not be trusted.
To that end, be on the lookout for suspicious emails, phone calls, text messages, and social media posts that demand immediate action. Some examples include:
Phishing starts with an email that often looks like it’s from a trusted or legitimate source. The email will ask you to do something—usually click on a link or download an attachment, which will enable “malware” to infect your computer. This can also happen on social media messaging platforms, like Facebook Messenger. Never click on a link or attachment from unsolicited sources, and make sure that you don’t share personal information.
Vishing is a similar tactic, but via a phone call. A scammer poses as a representative from a reputable organization, one with which you probably do business in some capacity, and encourages action by expressing a sense of urgency. Never respond to a call like this; a better option is to call the organization back via a trusted or publicly available phone number (i.e. not one provided by the caller).
SMiShing is essentially the same ploy, but via text message (hence the “SMS” in the name). Never click on unknown links embedded in a text message, especially from a sender you don’t recognize.
Tax Scams are quite common, and can strike fear in the hearts of even savviest among us! If the caller claims you owe back taxes which can be paid via a wire transfer, prepaid card or gift card, that’s a dead giveaway that it’s fraud. The IRS will only contact you via email, and will never ask you for money, suggest payment options, or threaten to sue you or lock you up.
Computer Tech schemes play on our frustration with and dependence on our computers and other devices by telling you that there’s a problem with your computer, etc. This is not legitimate; the caller is essentially hoping you will grant access and thereby allow your device(s) to get infected with malware.
Charity Fraud is especially awful since any donations go to cybercriminals instead of an actual worthy cause. These scammers use names similar to those of well-known organizations. If the cause is of interest to you, take notes and do your own research independently. If it turns out to be legitimate, you can always donate afterwards online, or by sending them a good old-fashioned check.
Identity Theft is a real hassle, and can be accomplished by criminals using cyber methods likethose detailed above, as well as more “old fashioned” methods like:
- Stealing your mail, purse, or wallet.
- Stealing data from an unsecured website that you visit.
- Stealing personal information from records left at work or from your home.
- Going through your trash and finding personal data about you.
The solution? There are several things to keep in mind at all times:
- Never divulge credit card information or other personal identifying information online or over the phone unless you initiate the communication.
- Protect your Social Security card and other personal documents that include the number in a safe place, and don’t carry your Social Security card unless absolutely necessary.
- Protect your computer with malware protection and firewalls. Make sure the software is always active and updates automatically. Encrypt your sensitive documents — tax records, for instance — with a strong password. Change your passwords regularly and choose unique ones for individual accounts.
- Regularly reconcile your financial statements, (this is good financial hygiene anyway!) and notify your bank of any discrepancies immediately.
- Monitor your online accounts regularly, reporting unauthorized transactions to your bank, credit card company, and law enforcement; and review your credit report annually, notifying the credit bureau in writing if you discover any questionable entries.
By making these rules of thumb your automatic response, you will be able to detect bad actors and protect yourself from their nefarious schemes.
ALWAYS verify that the caller is legitimate by verifying the phone number or website via an independent source (i.e. call the bank back from the phone number on the back of the debit card rather than the number the caller provided.)
NEVER click on links, download information, or provide access to your accounts and/or devices to anyone unless you are 100% sure of who it is or have initiated the contact yourself.
ONLY share personal information if you initiated the contact.
Armed with heightened awareness of the scams in play, and a playbook of how to best protect yourself, you should be well-equipped to keep fraudsters at bay. As always, if you have any questions or concerns, please don’t hesitate to reach out to us!
Sources:
1 https://www.aarp.org/money/scams-fraud/info-2021/ftc-fraud-report-identi...
Recognizing and Avoiding Online Scams Tracking # 1-983954
Gone Phishing: Protecting Against Online Attacks Tracking # 1-05081749
Tax Related Identity Theft Crimes Tracking # 1-05124817