Recently, a local woman found herself on the receiving end of a new scamming technique that is the latest twist of the email “phishing” scheme, called “smishing,” which is when the victim receives a text message or automated message from a trusted source, such as bank or Paypal, claiming there is an issue with their account.
The woman was not alone as scammers have been working overtime to find new and more devious ways to steal other people’s hard-earned money.
According to Consumerreports.org, “smishing” works because people don’t generally give out their cell phone numbers and assume if someone has their cell phone number they must be someone who is authorized to have access. This is not true as these high-tech thieves simply use a random-dialing telemarketing service to hit your number. Credit unions members are targeted because the call-back number has a local area code, rather than a 1-800 number, which lends an air of legitimacy to the scammers.
Never respond to any text alert about an account without verifying the source. A Google search of the number is a quick and easy way to cross-reference that the number matches the institution, but the best way to verify the number is to actually call your banking institution and talk to a customer service representative.
In an effort to educate its customers, AT&T issued information in regards to this rapidly growing issue.
“Phishing” scams, also known as “brand spoofing” or “carding,” are tricks Internet scammers use to “fish” for consumers’ financial information and password data using fake company emails and websites. The scammers send emails that appear to be from well-known companies, containing links to web pages disguised to look nearly identical to legitimate companies’ sites.
These scams can travel beyond your computer. “SMiShing” is a term used to describe phishing carried out via text message. SMiShing uses cell phone text messages to bait you to divulge personal information. You might receive a text that asks you to call an unfamiliar phone number, go to a URL to enter your personal information, or download software to your phone. If you access the URL in the text message or download any software to your device, you may be installing a virus on either your PC or your wireless device.
Tips to Stay Safe Online and On-The-Go
How to Identify Scams:
• Be wary of any email requesting personal and/or financial information. AT&T does not send email requests to customers asking for personal account or credit card information. Most other reputable organizations do not either.
• If you receive an email message that appears to come from AT&T and asks you to provide your email ID, email password, social security number, or other personal information, do not reply to it and do not provide your account information or password. Simply delete the email or forward it to firstname.lastname@example.org.
• If you receive a text message that asks you to call a number you don't recognize or go to a web site to enter personal information, do not select the link embedded in the message. Simply delete the text message.
• To report spam received on your phone, text us the actual spam message to short code 7726 (SPAM) to start an investigation.
For other organizations, call before responding to any email that asks for personal information. They should be able to verify with you on the phone whether the email is legitimately from their organization.
Tips to Protect Yourself:
• Be aware that email headers can be forged easily, so the posing sender may not be the real sender.
• In your browser’s address bar, make sure that the website's address begins with “HTTPS,” and that a lock icon appears. You can click the icon to view security information and certificate details.
• Realize that Internet scammers can create realistic forgeries of websites, so avoid clicking on links in an unsolicited email message. Go directly to the company's website and fill out information there or call the company to verify that they are seeking information from you.
Report Fraudulent Emails:
Contact the company named in the email to confirm whether it sent the request. Most companies do not ask customers to confirm personal information by sending an email.
Forward the suspicious email to the Federal Trade Commission at email@example.com.
You can also report the problem to law enforcement agencies through NCL's Fraud Center, www.fraud.org.
AT&T offers additional tips and tools on www.att.com/safety. More information is also available through the Federal Trade Commission, Anti-Phishing Working Group, the U.S. Department of Justice, Consumer Action and Consumer Affairs websites.