Phishing
“Urgent! Your account has been suspended. Please visit this
link to update your information and reinstate your account.”
Have you ever
received an email like this, from a company with whom you do not have an
account? If so, you have been the target of a “phishing” scam.
The term “Phishing,” was intentionally coined as a play on
“fishing.” Fishing is exactly what the scam artists are doing – throwing you
deceptive bait to see if you will bite and give up your personal information.
Once they have that, scammers can make unauthorized charges to your bank
account or credit card, or even open fraudulent accounts in your name.
Internet scammers are now well-known for sending mass emails
(spam) or internet pop-up messages which seem to be from a friend or from a
business or organization that you deal with – such as a bank, credit card
company, or even a government agency. The message may ask you to “update,” “validate,”
or “confirm” your account. Some phishing emails threaten serious consequences
if you do not respond. The message will ask you to click on a link or call a
phone number. It is very easy for con-artists to take logos or web images and
recreate them to look and feel very legitimate or familiar. As real as the
websites may seem, they are not legitimate.
Malicious links
Do not click on any link in an email that may be phishy –
scammers can display an impersonated organization’s actual web address in a
link while still sending you to a bogus site. Open a new browser and type in a
web address you know to be correct, or call the organization using the phone
number published in a directory. Because many consumers have started to catch on
to the standard scams, fraudsters have become more sophisticated.
A link or attachment may lead to malicious software, known
as “malware,” being installed onto your computer. Malware may allow a scammer
to access your personal files, log your keystrokes to capture your passwords
and account numbers, or even take control of your computer to send phishing
emails to others.
Cyber imposters
Fraudsters may even use your identity to scam someone you
know. If scammers are able to gain access to your email or social media
accounts, they can contact your friends and family while posing as you. The
scammers will change your password immediately upon accessing your account,
thereby locking you out and cutting you off from all your contacts.
They can then send urgent messages to all of your contacts,
telling them that you have run into trouble, or are stranded abroad and need
money wired as soon as possible. By the time you are able to get the word out
that you are okay, a well-intentioned friend or family member may have already
wired money abroad. Also, many computer viruses are spread through compromised
email contact lists. A familiar “from” address in an email is no guarantee of
trustworthiness.
Spoofing
Spoofing commonly occurs when scammers use electronic
devices to disguise their true identities or to hide the origins of their
messages while phishing. In other words, the scammer will post a name or number
on your email, phone caller ID, text message, or even internet URL as being
from a person or place of business that you know and trust. Do not be fooled.
The scammer behind the fake ID could be in another state or country using false
names and titles that are impossible to trace.
Vishing & Smishing
After consumers started catching on to the phishing scams
through email, scammers turned to a new method of targeting their victims by
phone: vishing. Vishing is very similar to phishing, but scammers use telephone
calls (either live or pre-recorded “robocalls”) instead of emails to try and
lure people into giving up personal information. Vishers often pose as a local bank, credit union or other legitimate business that you
might be inclined to trust or patronize.
Because scammers can “spoof” any name and phone number that
they want, the scammer can easily make a familiar or trusted business name
appear on your caller ID. For example, a recorded message claims that the
consumer’s bank account has been compromised. When the consumer calls back,
he/she speaks with a live person posing as a bank employee, who convinces the
consumer that the only way to protect precious bank account information from
criminals is to give the “bank employee” his/her personal information.
If you ever receive a vishing call from someone claiming to
be an employee of your bank, credit card company, or any other business – hang
up. Then call the actual business immediately to report the incident. Be sure
to call using only a reliable telephone number obtained from your local phone
book or from your paperwork with that business.
When the scam uses text messaging rather than a phone call
or email, the scam technique is known as smishing. Typically, smishing text messages
come from a “50000” number, instead of showing a typical phone number. This
indicates that the message was sent from an email address, and not from an
actual phone.
As with phishing and vishing scams, you should not respond
to a smishing text message. If it seems to be a message from your bank or other
business you are familiar with, contact that business using a reliable
telephone number from your local phone book or from your paperwork with that
business.
If you receive a phishing email, ask yourself:
Have I ever done business with this company? If yes, still
be cautious before clicking any links. If no, do not click any links and delete
the email.
Are there any attachments with the email? If yes, do not
click on them. If you believe the email and attachment are legitimate, contact
the sender first to verify the contents and security of the attachment.
Does the email request any personal information (such as
Social Security number, Medicare card number, date of birth, credit card
numbers, bank account numbers, or passwords)? If so, do not reply. Delete the
email.
Does the email contain grammatical errors and awkward
sentences? If so, do not reply. Many times phishers are from foreign countries.
The grammatical errors are a red flag that the email is not from a
professional, reputable, and most importantly, legitimate business.
Still not sure about the email’s legitimacy? If you still
think that the email may be from a legitimate company that you have done
business with (such as your bank or a government agency), look up a telephone
number for that business or agency. Use a local, trusted phone directory or
paperwork you have from the business (such as a bank statement or the back of a
credit or debit card). Call the business or agency directly and ask them if
they sent you the email.
What to do if you fall victim
If you believe you have fallen for a phishing, vishing, or
smishing scam, do not panic. There are simple steps you can take to protect
your personal information.
Check your free annual credit report regularly. Obtain your
credit report FREE from each of the three (3) major credit reporting agencies
each year. Checking your report regularly is one of the best ways to protect
against ID theft. We recommend you check one report once every four (4) months.
You can get your free credit report from any of the three (3) – Equifax,
Experian and TransUnion – by calling (877) 322-8228, or online at
www.annualcreditreport.com. Review your report for any errors or possible
fraud. If you find errors or possible fraud, contact the credit reporting
agency and dispute your claim. Our office may also be able to assist you with
this process.
Place a fraud alert on your credit report. A fraud alert is
a free service you can request from each of the three major credit reporting
bureaus. The alert lets potential creditors know that you may be the victim of
identity theft. A fraud alert can make it more difficult for someone to get
credit in your name because it tells creditors to follow certain procedures in
order to protect you. It stays on your report for 90 days and can be renewed.
You can request the fraud alert by calling one of the three major credit
reporting bureaus, they will notify the other two major credit reporting
bureaus:
Place a security freeze on your credit report. A
security freeze will prohibit the release of any information on the credit
report without express authorization. A
security freeze is designed to prevent
an extension of credit from being approved without consent, which makes it more
difficult for identity thieves to open new accounts in your name. Request a free credit freeze by contacting
each of the credit report agencies list above.
Close any financial accounts that may have been compromised.
If you gave out a credit card number or checking account number, call your
financial institution and ask that the account be closed and reopened under a
new account number. Ask your bank if you can place a password on your accounts.
Some institutions may offer to monitor your account, but we highly recommend
you completely close the compromised account.
If you provided your driver’s license number, contact the
Division of Motor Vehicles. Phone them at (608) 264-7447 or find them online at
www.dot.state.wi.us
To help reduce telemarketing calls, sign up for the Do Not
Call Registry. Register your home and mobile residential numbers on the
Wisconsin Do Not Call Registry at no cost by visiting: NoCall.Wisconsin.gov or
by calling (888) 382-1222. You must call from the phone number you wish to
register. Telemarketers have up to 31 days from the date you register to stop
calling you.
If you become a victim of identity theft, contact the Bureau
of Consumer Protection. You can call (800) 422-7128 or email us at DATCPWisconsinPrivacy@wi.gov.