Avoid These Scams
Phishing is the criminal attempt to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Phishing is typically carried out by email, directing users to enter personal a fake website whose look and feel are almost identical to a legitimate one, such as the your credit union. Even when using server authentication, it may require tremendous skill to detect that the website is fake.
PROTECT YOURSELF by remembering that your financial institution will never send an email asking for personal information, or send you to a special site to “update personal information.” If you do not know the source, delete the email and contact the source yourself to verify and/or report the scam.
Vishing is the name for phishing attacks using the telephone. The term is a combination of voice and phishing, and is typically used to steal credit card numbers, credit union account numbers and passwords.
PROTECT YOURSELF by being suspicious of any phone call asking you to provide credit card or credit union numbers. Rather than provide the information, contact your credit union or credit card company directly to verify the validity of the message. You might receive a phone call advising you that your credit card has been used illegally, and to call a certain number to “verify” your account number.
Spear phishing is a variation of phishing. With phishing, criminals might send a single, mass e-mail to thousands of people. Spear phishing attacks are customized and sent to a single person at a time. The spear phishing email usually contains personal information such as your name or some disarming fact about your employment.
A spear phishing email usually includes a link leading to a fake web site that requests personal information. The phony email may contain a downloadable link that appears to come from an employer or another seemingly legitimate source. But the downloaded file to your computer collects your personal information and transmits it to the criminal.
PROTECT YOURSELF by understanding that these attacks are usually limited to corporate targets. Nearly all of the spear phishing complaints that been investigated have come from corporate employees. If you receive a suspicious email like this, go directly to HR or to your company’s technical people to learn whether the email is legitimate.
Smishing is yet another variation of phishing, the name a combination of SMS (Short Message Service, the technology used in text messaging) and phishing. In this scam, the fraudster uses cell phone text messages to lure you to a website or perhaps to use a phone number that connects to an automated voice response system.
The smishing text message typically urges your immediate attention. For example, it might say it is confirming an order for a large computer purchase, and you need to follow the scammer’s directions in order not to be charged for the item. Once you click on the URL or call the phone number, you are asked to provide card numbers, account numbers, PIN numbers, etc.
PROTECT YOURSELF by assuming that no legitimate business would contact you by text message with a request of this nature. If the message seems credible, use your phone to call Directory Service for the correct phone number, then call customer service to ask about the message.