It's not just the holiday season for shoppers -- cyber-criminals look forward to this period of increased retail activity as a way to steal our money and personal information. This new wave of fraud is no longer simply targeting your somewhat antiquated desktop computer or even your laptop, but the scamsters are now finding ways to rip you off via all your wireless devices. In response to this wave of fraud, the Federal Bureau of Investigation (FBI) has warned the public to use caution when making online and cellphone purchases.
During this holiday season, you may receive a text message or an automated phone call on your cellphone saying there's a problem with your bank account. You're given a phone number to call or a website to log into and asked to provide personal identifiable information -- like a bank account number, PIN, or credit card number -- to fix the problem.
Beware: It could be a "smishing" or "vishing" scam... and criminals on the other end of the phone or website could be attempting to collect your personal information in order to help themselves to your money. While most cyber scams target your computer, smishing and vishing scams target your mobile phone, and they're becoming a growing threat as a growing number of Americans own mobile phones. (Vishing scams also target land-line phones.)
"Smishing": a combination of SMS texting and phishing
"Vishing": voice and phishing
Smishing and Vishing are two of the scams the FBI's Internet Crime Complaint Center (IC3) is warning consumers about as we head into the holiday shopping season. These scams are also a reminder that cyber crimes aren't just for computers anymore.
Here's how smishing and vishing scams work:
- Criminals set up an automated dialing system to text or call people in a particular region or area code (or sometimes they use stolen customer phone numbers from banks or credit unions).
The victims receive messages like: "There's a problem with your account," or "Your ATM card needs to be reactivated," and are directed to a phone number or website asking for personal information.
Armed with that information, criminals can steal from victims' bank accounts, charge purchases on their charge cards, create a phony ATM card, etc.
Sometimes, if a victim logs onto one of the phony websites with a smartphone, they could also end up downloading malicious software that could give criminals access to anything on the phone. With the growth of mobile banking and the ability to conduct financial transactions online, smishing and vishing attacks may become even more attractive and lucrative for cyber criminals.Here are a couple of recent smishing case examples:
- Account holders at one particular credit union, after receiving a text about an account problem, called the phone number in the text, gave out their personal information, and had money withdrawn from their bank accounts within 10 minutes of their calls.
- Customers at a bank received a text saying they needed to reactivate their ATM card. Some called the phone number in the text and were prompted to provide their ATM card number, PIN, and expiration date. Thousands of fraudulent withdrawals followed.
Gone Phishing: Illegitimate Delivery Services
The major legitimate delivery service providers do not e-mail customers directly regarding scheduled deliveries; you have to already have an existing account for this type of communication. Nor will they state when a package has been intercepted or is being temporarily held. E-mails about these issues are phishing scams that can lead to personal information breaches and financial losses.
Be Safe: Never immediately reply to emails from purported providers such as FedEx, UPS, etc. The better practice is to find the authentic website or 800-number for such companies and to confirm any delivery queries. Most reputable delivery firms have an online "Track My Order" link you can use to trace a delivery.
Think about this: Why would a delivery company need to know confidential information or financial data in order to deliver a package to you?
Have I Got A Deal For You
The FBI warns that Internet criminals post classified advertisements on auction websites for products they do not have. If you buy merchandise promoted via an online ad or auction site but receive it directly from the retailer, it could be stolen property. You can protect yourself by not providing the seller with your financial information.
Use legitimate payment services for transactions. Fraudsters will also offer reduced or free shipping to auction site customers. They provide fake shipping labels, but they don't pay for the packages' delivery. Parcels shipped with these phony labels are intercepted and identified as fraudulent.
The Gift That Doesn't Keep On Giving
It's safest to purchase gift cards directly from merchants rather than through auction sites or classified ads. If the merchant discovers the card you received from another source was initially fraudulently obtained, the card will be deactivated.
FBI's Internet Crime Complaint Center (IC3) Consumer Protection Tips
- Treat your mobile phone like you would your computer...don't download anything unless you trust the source.
When buying online, use a legitimate payment service and always use a credit card because charges can be disputed if you don't receive what you ordered or find unauthorized charges on your card. Check each seller's rating and feedback along with the dates the feedback was posted. Be wary of a seller with a 100 percent positive feedback score, with a low number of feedback postings, or with all feedback posted around the same date.
Don't respond to unsolicited e-mails (or texts or phone calls, for that matter) requesting personal information, and never click on links or attachments contained within unsolicited e-mails. If you want to go to a merchant's website, type their URL directly into your browser's address bar Be cautious of e-mail claiming to contain pictures in attached files; the files may contain viruses. Only open attachments from known senders. Scan the attachments for viruses if possible.
Avoid filling out forms contained in e-mail messages that ask for personal information.
Always compare the link in the e-mail with the link to which you are directed to determine if they match and will lead you to a legitimate site.
Log directly onto a store's website identified in the e-mail instead of linking to it from an unsolicited e-mail. If the e-mail appears to be from your bank, credit card issuer, or other company you deal with frequently, your statements or official correspondence will provide the proper contact information.
Contact the actual business that supposedly sent the e-mail to verify if the e-mail is genuine.
If you are asked to act quickly, it may be a scam. Fraudsters often create a false sense of urgency.
Verify any requests for personal information by calling the business or financial institution using the phone numbers listed on a billing statement or credit card.When in doubt:
If you have received a suspicious e-mail, file a complaint with the Internet Crime Complaint Center.
For more information on e-scams, visit the FBI's E-Scams and Warnings webpage: www.fbi.gov/scams-safety/e-scams
Support HuffPost
Our 2024 Coverage Needs You
Your Loyalty Means The World To Us
At HuffPost, we believe that everyone needs high-quality journalism, but we understand that not everyone can afford to pay for expensive news subscriptions. That is why we are committed to providing deeply reported, carefully fact-checked news that is freely accessible to everyone.
Whether you come to HuffPost for updates on the 2024 presidential race, hard-hitting investigations into critical issues facing our country today, or trending stories that make you laugh, we appreciate you. The truth is, news costs money to produce, and we are proud that we have never put our stories behind an expensive paywall.
Would you join us to help keep our stories free for all? Your contribution of as little as $2 will go a long way.
Can't afford to donate? Support HuffPost by creating a free account and log in while you read.
As Americans head to the polls in 2024, the very future of our country is at stake. At HuffPost, we believe that a free press is critical to creating well-informed voters. That's why our journalism is free for everyone, even though other newsrooms retreat behind expensive paywalls.
Our journalists will continue to cover the twists and turns during this historic presidential election. With your help, we'll bring you hard-hitting investigations, well-researched analysis and timely takes you can't find elsewhere. Reporting in this current political climate is a responsibility we do not take lightly, and we thank you for your support.
Contribute as little as $2 to keep our news free for all.
Can't afford to donate? Support HuffPost by creating a free account and log in while you read.
Dear HuffPost Reader
Thank you for your past contribution to HuffPost. We are sincerely grateful for readers like you who help us ensure that we can keep our journalism free for everyone.
The stakes are high this year, and our 2024 coverage could use continued support. Would you consider becoming a regular HuffPost contributor?
Dear HuffPost Reader
Thank you for your past contribution to HuffPost. We are sincerely grateful for readers like you who help us ensure that we can keep our journalism free for everyone.
The stakes are high this year, and our 2024 coverage could use continued support. If circumstances have changed since you last contributed, we hope you’ll consider contributing to HuffPost once more.
Support HuffPostAlready contributed? Log in to hide these messages.