It's not just the holiday season for shoppers -- cyber-criminals look forward to this period of increased retail activity as a way to steal our money and personal information. This new wave of fraud is no longer simply targeting your somewhat antiquated desktop computer or even your laptop, but the scamsters are now finding ways to rip you off via all your wireless devices. In response to this wave of fraud, the Federal Bureau of Investigation (FBI) has warned the public to use caution when making online and cellphone purchases.
Smishing and Vishing
During this holiday season, you may receive a text message or an automated phone call on your cellphone saying there's a problem with your bank account. You're given a phone number to call or a website to log into and asked to provide personal identifiable information -- like a bank account number, PIN, or credit card number -- to fix the problem.
Beware: It could be a "smishing" or "vishing" scam... and criminals on the other end of the phone or website could be attempting to collect your personal information in order to help themselves to your money. While most cyber scams target your computer, smishing and vishing scams target your mobile phone, and they're becoming a growing threat as a growing number of Americans own mobile phones. (Vishing scams also target land-line phones.)
"Smishing": a combination of SMS texting and phishing
"Vishing": voice and phishing
Smishing and Vishing are two of the scams the FBI's Internet Crime Complaint Center (IC3) is warning consumers about as we head into the holiday shopping season. These scams are also a reminder that cyber crimes aren't just for computers anymore.
Here's how smishing and vishing scams work:
- Criminals set up an automated dialing system to text or call people in a particular region or area code (or sometimes they use stolen customer phone numbers from banks or credit unions).
Here are a couple of recent smishing case examples:
- Account holders at one particular credit union, after receiving a text about an account problem, called the phone number in the text, gave out their personal information, and had money withdrawn from their bank accounts within 10 minutes of their calls.
- Customers at a bank received a text saying they needed to reactivate their ATM card. Some called the phone number in the text and were prompted to provide their ATM card number, PIN, and expiration date. Thousands of fraudulent withdrawals followed.
Gone Phishing: Illegitimate Delivery Services
The major legitimate delivery service providers do not e-mail customers directly regarding scheduled deliveries; you have to already have an existing account for this type of communication. Nor will they state when a package has been intercepted or is being temporarily held. E-mails about these issues are phishing scams that can lead to personal information breaches and financial losses.
Be Safe: Never immediately reply to emails from purported providers such as FedEx, UPS, etc. The better practice is to find the authentic website or 800-number for such companies and to confirm any delivery queries. Most reputable delivery firms have an online "Track My Order" link you can use to trace a delivery.
Think about this: Why would a delivery company need to know confidential information or financial data in order to deliver a package to you?
Have I Got A Deal For You
The FBI warns that Internet criminals post classified advertisements on auction websites for products they do not have. If you buy merchandise promoted via an online ad or auction site but receive it directly from the retailer, it could be stolen property. You can protect yourself by not providing the seller with your financial information.
Use legitimate payment services for transactions. Fraudsters will also offer reduced or free shipping to auction site customers. They provide fake shipping labels, but they don't pay for the packages' delivery. Parcels shipped with these phony labels are intercepted and identified as fraudulent.
The Gift That Doesn't Keep On Giving
It's safest to purchase gift cards directly from merchants rather than through auction sites or classified ads. If the merchant discovers the card you received from another source was initially fraudulently obtained, the card will be deactivated.
FBI's Internet Crime Complaint Center (IC3) Consumer Protection Tips
- Treat your mobile phone like you would your computer...don't download anything unless you trust the source.
When in doubt:
If you have received a suspicious e-mail, file a complaint with the Internet Crime Complaint Center.
For more information on e-scams, visit the FBI's E-Scams and Warnings webpage: www.fbi.gov/scams-safety/e-scams