Scams: Phishing, Smishing and Vishing
Sometimes the financial scams that hit your wallet the hardest aren't the complicated con games you often see in movies like The Sting. More often than not they come in the form of a simple phone call, or a pop-up ad on a website (but not this one, of course). If you're a military servicemember on deployment or a military family member taking care of finances, these scams can be especially easy to spot as you try to keep up with your email or phone messages.
USAA recently came up with a list of 12 major scams, and in the first part of a continuing series, we break down a few of them, as well as tips of our own on how to avoid them. So without further ado, here's the lowdown on phishing, vishing and smishing ? it sounds like something out of Dr. Seuss, but it's much more insidious than that.
We like the band Phish as much as anyone ? unfortunately, phishing is something that could cost you way more than the price of a concert ticket. In phishing, you receive an e-mail from what seems to be a familiar financial institution or company you have an account with (Amazon, for example), asking you to check your account due to an alleged error or problem. You will then be asked to click to a webpage that looks legit. On the page, you'll be asked to verify personal information, such as your account number, password and Social Security number. In another variation, you'll be asked to email your personal or financial info.
Phishing can cast a wide net, but another version known as spear phishing takes a more targeted approach, attacking small groups of people who have something in common, such as the same bank, school or employer.
Phishing over the phone is known as vishing. Instead of sending an e-mail, scammers will call you, claiming to be from your bank or another institution you trust, and will ask for a password or Social Security number.
Scammers certainly know how to make use of new technologies -- this variation on phishing uses text messages.
How to avoid phishing, vishing and smishing:
- If you're asked to provide personal or financial information, don't bite. Email and phone is not a secure method of transmitting personal information, and no honest company will ever ask you to transmit such info to them over email or the phone.
- Look for inconsistencies. Maybe there's some bad misspellings in the message, or the company name is capitalized when it should be in lowercase. Phishers are getting better at writing "realistic" copy, but often strange grammar is another giveaway.
- Is the URL suspicious? If you get a message that claims to be from Amazon but you end up linking to a website without amazon.com in the URL, you're probably being taken for a ride.
- Go straight to the source. If you're suspicious about a request made of you, go straight to the official website of the company in question (not the link given to you in the email) and log into your account. If you have an official customer service number on hand, call it and double-check.
- Protect your email. Make sure you're up to date on anti-virus software, firewalls, and email spam filters ? a good defense will often prevent you from even seeing a phishing attempt, let alone getting victimized by one.
- Review your credit card and bank account statements regularly. If by chance you do happen to get hooked by a phishing scam, you should be able to detect illegal activity on your account through reviewing your statements. Many credit cards have extra protection against credit theft ? check with your card to see what's available.
- Get the word out. If you receive spam that is phishing for information, send it to firstname.lastname@example.org and to the company, bank, or organization impersonated in the phishing email. Most organizations have information on their websites about where to report problems. If you believe you've been scammed, file your complaint at ftc.gov, and then visit the FTC's Identity Theft website at www.consumer.gov/idtheft.