Phishing and SMiShing
What is Phishing?
All Internet users should be aware of the online scam known as "phishing" (pronounced "fishing"). Phishing involves the use of e-mail messages that appear to come from your financial institution or another trusted business, but are actually from imposters.
Phishing e-mails typically ask you to click a link to visit a Web site, where you're asked to enter or confirm personal financial information such as your account numbers, passwords, Social Security number or other data. Although these Web sites may appear legitimate, they are not. Thieves can collect whatever data you enter and use it to access your personal accounts.
What is Vishing?
Similar to phishing but associated with the phone and a voice, "vishing" is a scam where the member receives a message via a phone, sometimes automated, that instructs them to call a number or individual to verify their account information by selecting given options. When the victim returns the call they are asked to provide personal, private information to validate or update their account. Vishing is sometimes difficult to perceive because the caller-id can be falsely displayed so members think the inquiry is from a legitimate financial organization.
Recent reports to SnoCope suggest vishing may be ongoing. Members have reported that they have received a phone call saying "Your credit card is locked press # and a phone number to respond . . ." SnoCope never calls members in this way to unlock or modify VISA debit or VISA credit cards. Members are advised; do not respond to this phone call. If you have responded to a vishing scam by selecting the options requested and have provided information please contact SnoCope immediately.
What is SMiShing
Similar to phishing, SMiShing uses cell phone text messages to deliver the "bait" to get you to divulge your personal information. This method is used to actually "capture" your information. The text message may be a web site URL, or a phone number that connects to automated voice response system.
Various SMiShing scams targeting credit union members have been circulating. The text message falsely claims to be from a credit union. If you receive such a message, do not call the number or reply to the text. Never give out your personal information in response to an e-mail or text. If issues ever arise relating to your debit or credit card, or if you have concerns about your account status, call the credit union directly at 425-388-3481.
How can I spot a phishing scam?
The message you receive may urge you to act quickly by suggesting that your account is threatened. It may say that if you fail to update, verify or confirm your personal or account information, access to your accounts will be suspended. The wording may also be sloppy and contain grammatical errors and misspellings.
Requests for personal information.
Scam e-mails typically ask for personal account information such as:
- Account numbers
- Credit and check card numbers
- Social Security numbers
- Online banking user IDs and passwords
- Mother's maiden name
- Date of birth
- Other confidential information
Non-secure Web pages. Clever thieves can build a fake Web site that looks nearly identical to an authentic one. They can even alter the URL (the Web address) that appears in your browser window. Watch out for non-secure Web pages that ask for sensitive information (secure sites will typically display a lock in the status bar at the bottom of your browser window and the address at the top will start with "https").
How can I decrease my risk of being a phishing victim?
Messages threatening to terminate or suspend your account without your quick response should be treated as suspicious. A legitimate financial institution or business should not request personal information from you over an unsecured Web site. When in doubt, call the business' customer service number (available on your account statement) to confirm the status of your account. Do not use telephone numbers found on the suspected Web site.Always type in the URL of the Web page you need.
Phishing scams rely on embedded links that take you to fake Web sites. It's safer to type your financial institution's Web address directly into your browser so you know you're visiting the legitimate site.Protect your password.
Don't write down sensitive personal information such as your password or Social Security number. Change your password frequently.Keep your computer up-to-date.
We recommend that you install anti-virus and firewall programs to help keep your computer safe.Report an online scam.
If you receive suspicious e-mail that appears to come from SnoCope, please notify us immediately by forwarding the e-mail to firstname.lastname@example.org (do not open any attachments or click any links found in the suspicious e-mail).
You may also want to forward it to the Federal Trade Commission at email@example.com, or contact them at www.consumer.gov/idtheft* or 877.IDTHEFT (877.438.4338).
If you believe you have provided personal or account information in response to a fraudulent e-mail or Web site, please contact us immediately and contact the other financial institutions with which you have accounts.Recent phishing scams
A recent faudulent e-mail pretends to be a "Security Center Advisory" that informs members their account "has been randomly selected for maintenance," and that they need to click a link to verify their identity.
Another fraudulent e-mail states that there is a pending charge (often a quite large one) to the member's account, and in order to decline the transaction, they need to click a button or a link in the e-mail.
All of these e-mail messages include links that appear to take you to legitimate Web sites -however, the Web pages they go to are not legitimate. They actually take you to fake Web pages where the scammers collect personal and account information.Guidelines for e-mail use.
Because e-mail is not private, you should always be on guard when communicating through the Internet. Here are some guidelines for using e-mail:
- Never open e-mail or attachments from a stranger.
- Never open e-mail when the return address looks unusual (not spelled right or uses symbols) unless you know who sent it.
- Never "reply" to a stranger's e-mail.
- Never send personal or private information in e-mail.
Receiving a surprise e-mail from anyone is the first clue that a crook is baiting your hook. Don't let a crook catch you with a Phishing e-mail. You should never feel compelled to open an e-mail from a stranger. If it's that important, the sender will call you.