What is phishing, vishing, and SMShing?
A few days before Christmas, I was having lunch out when I opened an email that appeared to come from American Express:
“Please click this link to authorize a recent charge on your account.”
“Well, that's weird,” I thought. I hadn't used my American Express card in several months.
I was stunned as I read the rest of the email. They wanted me to confirm a purchase that was definitely not made by me — a $5,500 order at an online Apple store. And I totally panicked. I mean, I freaked. Someone was obviously going on a wild online shopping spree with my credit card information, right? I had to put a stop to it right that second.
Since I didn't want to sort it out through email, I chose to call American Express directly with the number on the back of my card. And once I did, I was relieved to find out that the email I received wasn't actually from American Express at all. Nope, according to the rep I spoke with, the email was just one of the many phishing scams that are currently being perpetrated against American Express and their customers. But, what exactly is a phishing scam? After getting off the phone, I did a little bit of research to find out what was going on. What I discovered is that tech-savvy scammers are coming up with inventive ways to trick consumers into handing over their personal information. As the FDIC puts it, a “phishing scam” is a scheme that “encompasses fraudulently obtaining and using an individual's personal or financial information.”
Types of phishing scams
In today's Internet-connected world, phishing scams are on the rise — and the variety of scams is amazing. Many originate in email form, asking unsuspecting consumers to hand over their personal information for the purpose of verifying their identity, updating their information, or, as in my case, confirming a suspicious-looking purchase on their account. Once they get you to click on the link to their fraudulent website, however, they'll ask you a whole range of questions under the guise of consumer safety. It's all a lie and they can only hope that you'll play along and fall for it. In the meantime, they're busy plotting to steal your identity or access your accounts.
Unfortunately, I would soon find out that scams like this aren't limited only to email.
A few weeks after receiving the fraudulent American Express email, I was on the receiving end of a phishing scam for the second time. It all started when I received a legitimate-sounding voice mail from Chase Bank stating that I needed to call to verify my account. I was skeptical at first, but I do have several Chase accounts, including a mortgage. So I called the 1-800 number they left on my voice mail. However, while I was on hold, I did a quick Google search for the number to determine that it was, in fact, a Chase number.
And it wasn't.
My quick Internet search uncovered that it was another phishing scam designed to get my personal information in the sneakiest way possible. So I hung up and called the number on the back of my Chase card instead.
“There's nothing we can do,” said the operator at Chase fraud protection. “We take the number and their information and keep track of it, but we can't stop these people,” she said. “There are just too many of them.”
Phishing scams gone wild
With the recent data breach at Target stores that affected an estimated 40 million individuals, many, if not most, people have become rightfully concerned about the safety of their personal financial information. This includes, but is not limited to, our bank account numbers, Social Security numbers, credit card numbers, and other information that could prove helpful to someone who wants to rob us blind, or worse. And with scams coming at us from nearly every direction, it's becoming hard to know whom to trust.
I recently reached out to Curtis Arnold, editor-in-chief of CardRatings.com, in an effort to see what steps I could take to avoid phishing scams altogether. Unfortunately, I learned that there is nothing anyone can do to avoid being targeted, at least short of not having any sort of presence in the financial world or online. Instead, we must learn to identify phishing scams if we have any hope of avoiding them. According to Arnold, phishing emails usually have at least one of these telltale signs:
- An urgent tone “Phishing emails usually have an urgent tone and warn of terrible consequences,” says Arnold. The details vary from scam to scam, but they often include threats of account closure, lost funds, or unauthorized purchases.
- An unfamiliar salutation According to Arnold, an email that starts with “Dear Customer” or “Dear Valued Client” is most likely a phishing email.
- Bad grammar and spelling errors Scammers whose first language is not English may struggle to create an email that is free of errors or awkward wording.
- A fake logo Although tech-savvy scammers may get close to re-creating a logo, it's often different enough that it can be noticed by the naked eye.
According to Arnold, these types of scams frequently take the form of a phone call (vishing), like the call I received, as well as a text message (SMShing). But no matter how you are contacted, the telltales are the same.
How to protect yourself from phishing scams
While we can't prevent being targeted by scam artists, we can protect our personal and financial information by taking the proper precautions when dealing with unsolicited phone calls or emails.
“The first step should always be to call the bank, credit card company, or retailer from whom the email is from and ask. You can also mouse over the links and see if they look legit,” says Arnold.
“Anyone who calls or emails and asks for your account number or Social Security number should also raise red flags,” he adds. “If you call your bank, they are likely to ask for a variety of information to locate your account and verify that you are who you say you are. But, it's highly unlikely that they would call you and ask for sensitive information and even less likely that they would ask via email,” he says. “If you get a call like that, hang up and call the number on the back of your card.”
It's also important to monitor your credit report for errors, which can be done easily and for free by accessing annualcreditreport.com. Another way to protect yourself is by tracking all purchases on your accounts closely online, says Arnold.
“If your information is compromised, you'll want to know as soon as possible so you can notify the bank.” This part can be critical to ensure that you're not on the hook for any fraudulent charges to your account.
The bottom line is this: Phishing scams aren't going anywhere. In fact, it's likely that they'll only become more sophisticated and harder to detect. Learning to recognize a scam and avoid it is, unfortunately, all that anyone can do to protect themselves. As criminals continue to come up with creative and innovative ways to exploit us, we must become wise.
Have you ever been on the receiving end of a phishing email or phone call? Do you know anyone who has been a victim of a phishing scam?