Archive for September, 2010
Lots of crooks all across America have hung signs on their doors – “Gone Smishing.”
Thousands of cell phone users all over the country are regularly receiving automated messages or texts, warning them that their bank accounts have been misused.
Police and bank officials say it’s a scam, and that someone is attempting to steal your account numbers so they can withdraw your money and run up huge credit card purchases.
The calls or texts falsely warn that a person’s checking, debit or credit card account has been deactivated or used improperly. In each case, the person is asked to contact the caller and provide their credit, debit or bank account numbers.
This practice is called “smishing,” derived from Short Message Service technology, which is used for cell phone text messages. The term smishing is a mix of SMS technology with the practice of “phishing,” to send legitimate-looking e-mails and text messages to cell phones. In a banking context, these messages appear to come from the recipient’s bank or credit union.
Wireless cell phone companies are working on ways to block unwanted text messages, while customers are reporting increasing numbers of spam messages and smishing attacks. Some users are even forced to pay for the text messages they receive.
Some tips to avoid getting hooked into this scam:
• Do not reply to text messages that ask for personal for financial information.
• Do not call phone numbers listed in the text message. The area code shown does not necessarily reflect where the scammers really are.
• Do not go to Internet sites shown in the text message or e-mail.
If you receive a text message or e-mail on your cell phone that is not from your bank or credit union, delete the message immediately. If you do not know whether you have an account with the bank or credit union, or have a question regarding the message, call the bank or credit union to verify, using the telephone number you would normally use or can verify.
Additional tips to help you avoid identity theft:
• Review your bank and credit statements regularly. If any unauthorized transactions are listed. Notify your financial institution immediately to gain protection against the charges.
• Make sure to monitor your credit reports.
• If you receive a bill or statement, follow up with the company.
• Always keep your passwords confidential. Banks, credit unions and credit card companies will not ask you to disclose them.
According to www.recovery.gov, the White House Web site for all things economic recovery, a new scam has emerged.
Earlier this year, a phony company called Mouch & Thompson PLLC sent a letter to low income residents offering rental assistance grants under the American Recovery and Reinvestment Act. The letter stated that its first 50 recipients who showed up at the company’s offices would be guaranteed the money. The letter was supposedly penned by the company’s president, Wesley Mouch.
But the letter was, in fact, an identity theft scam. The company does not exist, and neither does its president.
According to officials in the Charleston, West Virginia are where the office was supposedly located, lots of people showed up. Investigators were tipped off about the scam, and placed surveillance cameras at the location, but the crooks never made an appearance.
And so ends another cautionary tale in the identity theft saga.
There are many scams currently being used to take advantage of those hit hardest by difficult economic conditions. Scammers often claim they can help eligible Americans obtain recovery money or other government funds. One such scam claimed that for a small credit card fee, a person could order a compact disc or gain access to another Web site explaining how to receive a $12,000 government grant. Those who took the bait were charged a monthly fee of up to $69.95.
Many of these scams use official government insignia or photos of President Barack Obama to lend their claims an air of credibility. The scammers also employ the use of e-mail, traditional mail, phone calls and radio announcements.
In this particular type of scam, criminals rely on the public’s lack of knowledge regarding Recovery Act programs, and will claim they can assist in acquiring grant or loan money, or even tax rebates, all available under the Recovery Act.
But the law has provided funds directly to individuals in only a few instances, such as in 2009 when the Recovery Act provided economic recovery payments through the Social Security Administration to individuals receiving Social Security or supplemental security income benefits.
The Federal Trade Commission, the Better Business Bureau and the Federal Bureau of Investigation regularly warn the public about stimulus scams, and investigators from these agencies say citizens should avoid providing any personal information to companies offering access to recovery money, and should immediately contact their state’s Attorney General if approached with such offers.
Identifying fraud is getting more and more tricky. Criminals have become more and more creative, and increasingly clever about disguising their methods. And on top of that, they’re using more sophisticated technology to commit crime.
Perhaps the most devious tactic being employed by criminals is that they are now targeting their crime. The most vulnerable are being targeted – weary homeowners in danger of losing their homes to foreclosure are enticed with foreclosure scams, while those drowning in debt are duped by offers to clean up or eliminate debt with little or no effort by the debtor.
But there are ways to recognize a scam. First, if you are told an offer will expire if you don’t respond immediately or quickly, and you feel pressured to make a decision, the offer could be fraudulent. Always take your time before committing to anything. You may also want to discuss the offer with friends. Others can often discern when an offer isn’t forthcoming.
Search for the company, the individuals and the offer online. If it is a scam, chances are you’ll find information about it online.
If the offer is from a well-known company, confirm it with them. Don’t just assume that because the offer says it’s from a particular company that that’s the case. Always confirm. Make sure that the phone numbers, links and addresses that came with the offer are legitimate.
One rule of thumb recommended by law enforcement officers is to ask yourself, “If I were made this same offer on the street, would I give out my personal information?” If not, then you shouldn’t give it out online.
If you can’t figure out any other way to determine whether something is legitimate, rely on your gut instincts. If you have any doubts about a particular offer, just don’t do it. Better safe than sorry.
One single criminal operation was responsible for two-thirds of all phishing” attacks in the second half of 2009 and is responsible for a two-fold increase in the crime, a report published by the Anti-Phishing Working Group (APWG) stated. Over the last three years, the Anti-Phishing Working Group’s semiannual Global Phishing Survey has become a widely cited source of information about the state of phishing and its effect on Internet users.
“Phishing,” is the process of attempting to acquire sensitive information such as user-names, passwords, social security numbers, credit card numbers and other personal and financial information by masquerading as a legitimate sender in an e-mail or other electronic communication. Messages that purport to be from popular social web sites, auction sites, on-line payment processors or web-site technical administrators are commonly used to lure individuals into responding. Phishing is typically done using e-mail or instant messaging, and messages usually instruct the reader to enter personal information at a fake website whose look and feel are almost identical to the one it mimics.
There were 126,697 phishing attacks during the second half of 2009, more than double the number in the first half of the year or from July through December of 2008, the APWG report said. Avalanche, which was first identified in December of 2008, was responsible for almost one-quarter (24%) of attacks in the first six months of 2009 and for almost two-thirds (66%) over the remainder of the year. Avalanche targeted more than 40 major financial institutions, online services, and job search providers.
The APWG report stated that, during the attacks, “ … target institutions, the relevant domain name registrar(s), a domain name registry, and other responders and service providers to all be aware of the campaign and working on mitigation at the same time …” Oddly enough, the very scope of Avalanche’s early coordinated attacks may have resulted in the greater ability of the Internet community to neutralize the group’s later efforts.
The Avalanche gang’s infrastructure was briefly shut down in mid November, and ever since then phishing attacks generated by the group have dropped precipitously. Last month, the gang was only able to launch 59 attacks.