Tag Archives: Phishing

What in the Heck is Smishing?

You’ve probably heard of “phishing” – when hackers send bogus messages to your email, hoping that you’ll reply or click a link so that they can get their hands on your information. But there’s a new version of this scheme that’s gaining prevalence, and it targets your smartphone. This scam is called “smishing” as in “phishing via your SMS (text) messages.”IMG_1698

One of the most popular smishes takes the form of a “Congratulations! You’ve won X prize from X company! Reply to this message to receive your reward!” text message to your smartphone. Do not reply to messages like this! Even if you figure out that it’s a scam and you really want to reply with something like “Go blank! your blank! you scamming blank!” – don’t do it. Yes, it would be cathartic, but the act of replying will only affirm to the smishers that your phone number is active, and you’ll receive more of this type of message (plus you’ll probably just be replying to a robot anyway, and robots are unfazed by profanity).

These “congratulations” messages, if replied to, may also ask you for your credit card information to allegedly pay for the shipping and handling costs of your prize. Never give out this information in a situation like this. Many messages like these have claimed to be from Walmart or Target. The Walmart messages have been used by smishers so frequently that at one point the company issued a statement saying that they absolutely never send consumers messages asking for sensitive information via text.

Another smish is one that will claim to be from your bank or another seemingly credible or important institution. The message will claim to be urgent and will request a reply. If you receive a text like this, do not reply via text message. Instead, look up the phone number for the bank or company and call them directly.

Other tips related to smishing prevention:

  • If a text message comes from the number 5000, it’s a smish. It’s safest to delete it without even opening it.
  • You may want to set up a text alias with your provider. This will allow you to receive and send texts, but the texts that you send will show up under your “alias” rather than your real number. It’s like having a secret phone number. Then you can block incoming texts to your “real” number and give family and friends your alias. Ask your service provider about how a text alias works.
  • Never give any sensitive information (your social security number, bank account information, etc) to anyone that you don’t absolutely trust.

Don’t let yourself get smished! If you’re receiving any messages that might be from smishers, report them to your service provider. You may also want to report suspicious messages to the Federal Trade Commission.

Sources:

http://www.nbcnews.com/technology/technolog/smishing-text-messages-seek-your-credit-card-info-947348

http://netsecurity.about.com/od/secureyouremail/a/Protect-Yourself-From-Smishing-Attacks.htm

http://learningcenter.statefarm.com/safety-2/family-1/avoid-the-dangers-of-smishing/

What’s in Your Email and What Should You Do with It? Four Favorite Schemes

download-key-logger-programIt seems that not a week goes by without having to check my spam mailbox as it fills with ever more increasing frequency.  When they said “spam” and phishing schemes where on the rise they really meant, on the rise!  I thought I would share with you my five favorites this week that you should be on the look out for.  One or two  have already hit some friends  and I wouldn’t want them to happen to you.

You Got Mail!

This phishing email message is sent allegedly from FEDEX or UPS.  You have a very important package that they tried to deliver but couldn’t.  If you could just take a minute to provide this information your VIP package will be on it’s way.   This one quite often asks for information, payment of an invoice (requiring me to open an attachment) and will include a subject like like this one,  “UPS Delivery Notification Tracking Number:EVKDBQXRTKRXN4CTMI.”

UPS offers more information on these fake emails as does FEDEX .

Report these types of messages to UPS at fraud@ups.com and to FEDEX at abuse@fedex.com

You Have WON!

So far this week I have won from a lottery that I never entered (scratch offs are about as far as I go) as well as won money from a casino I never heard of, let along gambled at.   Even the FBI got in on the act, telling me that I won $1 million!  This, of course, is different from the email I received last week where the FBI (who I’m quite sure already has quite a bit of information on me) attempted to phish for some more.

You have been Blessed!  Continue reading What’s in Your Email and What Should You Do with It? Four Favorite Schemes

Your Grandparents May Be Victims of Identity Theft

Over the holidays, I did a lot of visiting with my grandparents. When I told my grandmother that I have been writing stories about identity theft protection, she mentioned a scam that she had heard about concerning identity thieves targeting senior citizens.

New Scam

Apparently, scammers are currently trying to steal from your grandparents. The new scam preys on unsuspecting grandparents who are concerned about the well-being of their loved ones. It works like this; senior citizens are sent an email or issued a phone call saying that their grandchild is in trouble and needs to be wired money.

The email or phone call will provide an address to wire money to, which thieves promptly intercept. And just like that, grams and pops are out a chunk of retirement money.

You’re a Winner! … Or Not

Another popular scam aimed at senior citizens is one that calls them to notify them that they have won a lottery or a prize and then asks them to provide checking account information so that their prize can be deposited. Thieves then clean out grandma’s checking account. A popular name used by scammers is one that is clearly recognizable by many older people – Publisher’s Clearing House.

Easy Target

Senior citizens are often targeted to by victims of identity theft for a number of reasons. First, because they are less likely to regularly monitor their credit report. Senior citizens are also less likely to be as

someone wants to steal from your grandma.  Image provided by Flickr creative commons user Beny Schlevich

tech-savvy, making them easier targets for online phishing. They also may have life-savings and other retirement funds that are attractive to thieves who are looking to make a buck.

A New York Times article from September of 2012 cites the FBI as warning that senior citizens are also targeted by identity thieves because, culturally, people who were raised in the 1940’s and 50’s were brought up to be polite to strangers and trusting.

Prevention

Senior citizens should be cautioned not to accept prizes that they are informed about over the phone or online, especially if they have not entered into any sweepstakes or contests. The caller or suspicious email may also ask for them to send money first to collect their prize or ask for sensitive information like a social security number. Phone calls like this should be considered especially suspicious if they originate from an overseas phone number or an unknown email sender.

They should also be in close contact with their bank to check on the status of their checking and savings accounts. Many senior citizens are not aware that they have become victims of identity theft until debt collectors start calling to demand payments for transactions that identity thieves have made in their name.

Talk to the older people in your life about the prevalence of identity theft and how to prevent scammers from taking their hard-earned money.

Sources:

http://www.identitytheft.info/seniors.aspx

 

‘Tis the Season for Phishing for Families

Hackers might not take a break from trying to find ways to steal your information and money, but it turns out they do follow seasonal trends. According to a report by Kaspersky Lab, in October, phishing attempts on social networks were down 10%, and they saw an increase in attacks on financial institutions or banks and on online shops. They say that’s an expected trend through the holiday season, based on data from last year.

Summer time bring attacks on kids

During the summer months and holidays, hackers target kids who are out of school and likely don’t know better than to click bad links on social networks. Kids are also more likely to over share private information online, making them a prime target for scammers. Most of the younger generation hasn’t yet learned to be skeptical of deals that are too good, and that can get them into serious trouble. Once school starts again, the phishing attempts via email slow down, while the hackers move toward more promising targets.

Holiday shopping online makes a tempting target for hackers

When the holiday season rolls around, Continue reading ‘Tis the Season for Phishing for Families

The Real Deal: PayPal Phishing Scam

Do you ever check you “spam” mail box before deleting it?   I do, if nothing else it’s good for a laugh as I am promised long lasting sexual experiences and beautiful brides from Russia, not to mention the millions of dollars I’ll receive just for helping some poor soul out with a money laundering scheme where there really is no money to be laundered.   I also find some things that never should have made their way in there, so it’s nice to know there is a place where I can check in and judge for myself.

Yesterday I found a message which appeared to be from PayPal.  And, wow it was GOOD!  This was quite possibly the most well done phishing scam message I have ever gotten.   It includes the images from PayPal, the mailing address, the correct grammar and punctuation and even the correct domain name.  It warned me of an impending problem with my account and that I needed to log in to resolve it, while providing a helpful link to use.

I didn’t panic, but I did wonder.   First, why DID this go to my Spam mailbox?  Other PayPal notices came to this email address and I receive them.   Did the email service detect something that I didn’t?  Next, I realized that, I never receive official PayPal notices at this email account. It’s a secondary one set up for things like ebay purchases and sales.  While I may receive notice of a payment, I never receive official statements about my account. Those all go to my primary email address.

I thought, what’s one more day. If there is something wrong with the account, I can fix it tomorrow.  But in the meantime I’m going to report this to PayPal and tell them why.  I sent the message to spoof@paypal.com (I have the address saved in my address book but you can also get questions answered online).

Today here’s my response:

Hello xxxx xxxxx,

Thanks for forwarding that suspicious-looking email. You’re right – it
was a phishing attempt, and we’re working on stopping the fraud. By
reporting the problem, you’ve made a difference!

Identity thieves try to trick you into revealing your password or other
personal information through phishing emails and fake websites. To learn
more about online safety, click “Security Center” on any PayPal webpage.

Every email counts. When you forward suspicious-looking emails to
spoof@paypal.com, you help keep yourself and others safe from identity
theft.

Your account security is very important to us, so we appreciate your
extra effort.

Thanks,

PayPal

This email is sent to you by the contracting entity to your User
Agreement, either PayPal Ince, PayPal Pte. Ltd or PayPal (Europe) S.à
r.l. & Cie, S.C.A. Société en Commandite par Actions, Registered Office:
5th Floor 22-24 Boulevard Royal L-2449, Luxembourg RCS Luxembourg B 118
349.

So if it looks suspicious it probably is.  It doesn’t hurt to think about your emails before you click that link, open that image or pass it along.   I caught it this time.  Hopefully by being aware of what’s out there I will catch any attempts at a phishing scam again.

No, Mark Zuckerberg isn’t giving Facebook users a free iPhone and iPad

Let’s talk about the importance of a Spam mail box in your email.  Today I’m doing my weekly spam check, before I empty my spam mail folder and I find this wonderfully, well written email from WoW! the CEO of Facebook!  Did I really get an email from him?  No, but at first glance it’s actually a pretty good spam copy.

But let’s talk about how you can know it’s a fake.  First I hovered over the email name which said Mark Zuckerberg. But by hovering over it I found an email account that was XXXX@hotmail.com.  I’m sure that account has already been closed, but I’m definitely not letting them know they found someone by replying.

Next, this email actually is pretty well written, without many of the common “tells” that let you know it is a fake message, like small errors in spelling, syntax or punctuation.   But if you look closely you will see many errors, they just aren’t glaringly obvious. I’ve highlighted them for you.

Lastly, the email address that this message came to isn’t associated with my Facebook account, so how would they have gotten it and why not use my name if it’s a personalized invitation to claim my prize?

The hope is that you will see some keywords like Facebook, Mark Zuckerberg, iPad and iPhone, that will really get your attention and Continue reading No, Mark Zuckerberg isn’t giving Facebook users a free iPhone and iPad

Three Ways Identity Thieves Find Your Phone Number

When it comes to identity theft, every individual in the world is at risk. This criminal practice has been going on for countless years and the number of victims continues to grow.

Some reports claim that as many as 10 million people are subject to identity theft every single year. Many times, this information is used to simply promote spam messages and illegal advertisements. Unfortunately, it can also be used to irrevocably ruin a person’s credit and potentially their life. An active phone number can be sold to illicit advertisers and scam artists who want to make a phone call in order to try to get more information.

Of course getting a phone number is relatively simple.  However, when combined with other pieces of information about you, your phone number can become quite valuable.

Here are a few of the ways in which identity thieves illegally gain the phone numbers of innocent individuals and add it to other (more potentially harmful) pieces of information, to assemble a picture of who you are.

Dumpster Diving
One of the easiest and most popular forms of accessing private information has been deemed dumpster diving. While the world continues its shift towards digitized information, vast amounts of information are still sent through generic letters, bills, and notices. Continue reading Three Ways Identity Thieves Find Your Phone Number

10 Most Despicable Scams of 2010

Unfortunately 2010 was wrought with hundreds of scams from fake charities to Internet hoaxes but we’ve compiled a list of ten despicable scams that we want to be sure you are aware of and know how to protect yourself in 2011.

1. Gulf Coast Oil Spill Scams

The Gulf Coast Oil Spill of 2010 is a tragic environmental disaster.  What’s even more despicable than watching oil-covered wildlife die?  Finding out that you’ve “donated” to a scam claiming to help Gulf Coast clean up or even “paid” to be trained to volunteer to help with the clean up.  Oil spill related scams have been rampant and yes, despicable in 2010. The BBB has a page of resources to help those who want to help, to give wisely.

Beware of:  People offering you a clean up job, but asking for a fee for your training. Continue reading 10 Most Despicable Scams of 2010

Wishing to Avoid Smishing and Vishing Holiday Scams?

So it wasn’t enough to learn that the “worms” involved in “phishing” scams weren’t on the end of a hook.  Now the FBI warns that this holiday season we also need to watch out for “smishing” and “vishing.”

Is all of this just identity theft gibberish?  Let’s decipher the “ish” family.

Phishing scams are online scams that target you through your e-mail.  Phishing scams may claim to be anyone from the FBI to the Better Business Bureau to EBay to your bank.  Of course the faux link will take you to an unsafe site where hackers will phish away for your personal information.

With every new piece of electronic equipment we buy and each new upgrade in technology, it seems that hackers and identity thieves find a new way to use our new toys to steal of money and our Christmas joy.

Smishing isn’t a new holiday dance; it’s a new scam.  Smishing scams are similar to phishing scams but smishing scams target you through your cell phone.  Smishers may send a text message to your cell phone or else place an automated call to your cell phone. Continue reading Wishing to Avoid Smishing and Vishing Holiday Scams?

Consumer alert: Beware unsolicited emails claiming to be from the IRS

While you may be waiting not so patiently for your income tax return this year and you may have even filed online, thieves know this and are eager to take advantage of an opportunity to scam unsuspecting taxpayers. Don’t be surprised if sophisticated phishing scams show up in your email inbox in the guise of an official communication from the IRS.

Continue reading Consumer alert: Beware unsolicited emails claiming to be from the IRS