Phishing isn’t funny. The sophistication of those trying to use the scam to steal your valuable information is growing on a daily basis. There is little doubt that you (and I and your best friend) will receive at least one phishing email in 2012. After all, scammers send over 7 trillion fraudulent emails and text messages a year. Yes, 7 TRILLION!
Alan Wlasuk, CEO of 403 Web Security, compiled a list of ten tips that can help avoid falling prey to phishing and smishing scams. And here they are…
Consumer Advice – Avoiding Phishing and Smishing Schemes
If you own a cell phone or a computer you’re a target. If you text or email you’re a target. If you live in the 21st century you’re a target.
You’re a target because scammers will have sent over seven trillion fraudulent e-mails and text messages in 2011. Whether you like it or not, your email address and cell phone number will end up in a scammer’s cyber database before the end of the year. Your email address and cell phone number will be sold and resold (along with millions of others) on the cyber black market.
So, unless you live on a commune in the pine barrens of New Jersey, you’ll receive at least one fraudulent email or text message in the near future.
The schemes looking to separate you from your money or identity are called phishing, smishing and spear phishing (the targeted version of phishing). Phishing schemes are email messages that lure you into visiting fraudulent websites or into entering your personal data directly into the email itself. Smishing is similar to phishing except it uses your cell phone’s text messages (Smishing is derived from SMS phISHING). And spear phishing takes advantage of any financial working relationship (e.g., bank, retail store) you might have to craft a phishing email that seems to come from the bank or store you have been doing business with for years.
With the help of the FBI (yes they are your friend and they do publish fraud alerts) I’ve compiled a list of ten tips that you can use to avoid becoming a victim of phishing and smishing scams.
1. If an email or text opportunity looks too good to be true, it probably is – Scammers are still sending out emails about a dethroned foreign prince who needs help in recovering his family fortune (he’s not really a prince you know). Prescription medications available at 75% off may not be the real thing. Keep in mind you did not suddenly become lucky just because you now have an email address.
2. Do not respond to unsolicited (spam) emails or text messages – A trick of the email and text spammer trade is to send out emails and text messages to random, but potentially valid email addresses and text phone numbers. For example, the chances of there being a real person at the end of the BobJohnson@gmail.com email address are very good; so is BobJohnson1970@yahoo.com. If you get a spam email and reply (as if anyone cared about your outrage at receiving a free singles club pass) it just alerts the spammer that they have hit on a real email address and a person who reads spam. Your address will get put on the ‘possible target’ list, will cost more the next time it is sold and will get tested a lot more.
3. If you think an email or text is real, contact the actual business that supposedly sent the email or text to see if it is genuine – If the 60” Sears lawn tractor at 50% off really excites you, give Sears a call. Even if the promotion can only be accessed via the link in the email or text there should be someone at Sears who can tell you if the promotion is valid; you can always go back to the email or text if Sears confirms it.
4. Be very careful of any email or text message that stresses urgency – If someone is telling you that you need to act immediately in order to take advantage of a great deal, it is probably a scam. Scammers know urgency tends to cloud our sense of judgment, making us react without thinking clearly.
5. Don’t fill out forms contained in e-mail messages, particularly forms that ask for personal information – A legitimate business or organization will never collect private information via emails. While websites can protect the privacy of data being transmitted from a web form to the server (via SSL), data transmitted in an email will not be private and may be seen by any number of people along the way.
6. Always compare the link in the email with the link to which you are directed and determine if they match and will lead you to a legitimate site – This is a really tricky scam that will fool almost anyone. When you see a link in an email (or even a website), the actual URL that clicking that link will take you to may not be the same as what you see in the email. For example, the link that I think is to my bank, www.regions.com, may actually take me to www.regoins.com (note the ‘io’ in regions that has been changed to an ‘oi’). If the scammers have set up a look-alike website at this new, but fraudulent www.regoins.com location, you will probably get far enough into the site to enter your Regions login information before being told the site is down. The scammers will use that login information on the real Regions website and extract as much cash as they can.
7. Verify any requests for personal and financial information by contacting the business or bank using the main contact information – Valid businesses almost never solicit private information via email, even if it is to send you to their website. Call the business or bank and make sure the request is real; then, if really required, provide the information over the phone.
8. Be especially careful of emails and text messages that you get from businesses and financial institutions – Spear phishing (fraudulent emails coming from businesses and banks you have worked with for years) scams are increasing dramatically and are amazingly effective. There have been several large data breaches (e.g., Epsilon) that have provided scammers with not only your email address and phone number, but also the names of businesses and banks you frequent. Each of these pairs (email address and business name) is a spear phishing scam waiting to be sent.
9. Be cautious of emails that contain attachments – While we don’t hear so much about email viruses these days, they still exist and are craftier than ever. The days of destroying your hard drive or sending rude emails to all of your friends are over; a virus (or malware) will install a program that will sit silently on your computer and report everything you do to a malicious hacker sitting thousands of miles away.
10. Never click on a link in an unsolicited email or text message – This is a variation of the email attachment scam. The email virus threat that terrorized the Internet a few years back has been replaced with malware (malicious software) that may be silently run on your computer when you browse to certain websites. While you may run into malware even on respectable websites (a different conversation about web security) you dramatically increase your chances by clicking on links provided by unknown sources.
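The comparison described in tip 6 can be automated. The following Python sketch is an added example, not part of the original article: it reads the links in an HTML email, compares the address shown to the reader with the address the link really opens, and flags destinations that closely resemble a known site. The `KNOWN_DOMAINS` list, the 0.85 similarity threshold and the sample message are assumptions made for illustration.

```python
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlsplit

KNOWN_DOMAINS = {"regions.com"}  # assumption: sites the reader really uses
# Constructed sample message body, not a real email.
SAMPLE_EMAIL = ('<a href="http://www.regoins.com/login">www.regions.com</a> '
                '<a href="https://www.regions.com/help">Help center</a>')

def host_of(text):
    """Host named by a URL or bare 'www.site.com' text, else None."""
    text = text.strip()
    if "." not in text or " " in text:
        return None  # "Click here" names no site
    try:
        host = urlsplit(text if "://" in text else "//" + text).hostname or ""
    except ValueError:
        return None
    return host.removeprefix("www.") or None

class LinkCollector(HTMLParser):
    # Collects (visible text, href) for every <a> tag in the message.
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), ""
    def handle_data(self, data):
        if self._href is not None:
            self._text += data
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._text.strip(), self._href))
            self._href = None

def check_links(html):
    """Return (shown text, real host, reasons) for each suspicious link."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for shown, href in collector.links:
        real, claimed, reasons = host_of(href), host_of(shown), []
        if claimed and real != claimed:
            reasons.append("text and destination differ")
        if real and any(real != k and SequenceMatcher(None, real, k).ratio() >= 0.85
                        for k in KNOWN_DOMAINS):
            reasons.append("look-alike of a known site")
        if reasons:
            findings.append((shown, real, reasons))
    return findings
```

Calling `check_links(SAMPLE_EMAIL)` reports only the first link, for both reasons; the genuine help link passes. Subdomains such as `online.regions.com` are compared as whole host names here, so a production filter would reduce each host to its registered domain first.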
We live in an electronic age where almost everything we do revolves around our phones, computers and tablets. We are used to instant action via email responses, a few clicks on a website or a call while driving in the car or eating dinner. As Americans, we are used to the ‘easy way’, trust more than we should and expect some higher power (i.e., the government) to keep us out of harm’s way. We are getting scammed at ever increasing rates because cyber fraud is a billion dollar business and we do make it so easy to rip us off.
My advice is to verify, then trust (not the so often quoted trust and verify). As you may have picked up from my previous articles and blogs, my New Jersey upbringing still causes me to pick up my Midwest wife’s purse when she leaves it on the church pew to talk to friends. To each of you who live on the Internet, remember you’re not in Indiana anymore.