Catching a 'phish': how not to take the bait
By, Carla Hindman, Director of Financial Education, Visa Canada
A generation ago, families didn't spend a lot of time worrying about financial fraud. Today, fraud attempts are perpetrated via many channels, such as over the phone, through the mail and increasingly, online. It's an equal opportunity crime that can affect consumers of all ages.
"Phishing" "smishing," "vising" and "pharming" are just a few of the ways criminals can gain access to personal information through your computer or smartphone. Identity thieves can use harvested information to open fraudulent bank or credit card accounts, take out loans, or even rent apartments. Here are some fraud scams to watch out for:
Phishing. This is where you receive an email, supposedly from a trusted source like a government agency, bank or retailer, that asks you to supply or confirm account information, log-in IDs or passwords. Theses imposters are "fishing" for your personal information. Legitimate organizations never ask you to verify sensitive information through a non-secure means, such as email. There are two types of phishing: clone phishing (previously-delivered, legitimate email with a malicious attachment or link), and spear phishing (targets specific individuals or companies sent from a known user).
Smishing (for "Short Message Service"). Smishing is like phishing, only it uses text messages sent to your cellphone. If you've ever received texts from a random number asking you to be a "mystery shopper for $500 a week?" or telling you that you've "won a free vacation?", chances are it could be a smishing scam. Even if you don't share any information, just by responding you're verifying that your phone number is valid, which means it could be sold to others who will try and trick you into their scams.
Vishing (Voice Phishing). In vishing scams, live or automated callers pose as your bank or credit card issuer and call under the guise of fixing a problem (like theft or overdrawn accounts), and attempt to extract personal or account information. Keep a list of toll-free service numbers for all financial companies you use so you can call them directly without fearing you've been given bogus information. If the person on the other end of the phone is attempting to coerce you into sharing your information, chances are they are fraudsters.
Vishing can include tax scams- a phone call claiming to be the Canada Revenue Agency. Many times they tell you that you owe "back taxes" as a result of an audit and that they must be paid immediately to avoid a fine or a warrant for your arrest. Often times fraudsters suggest payment through methods such as gift cards.
Another example of vishing is the lottery scam, where people are advised over the phone that they are the winner of a large lottery or sweepstakes, but prior to receiving winnings, they must first pay an upfront fee (but no winnings are ever actually received). It's a good rule of thumb to never give out credit card information over the phone unless you initiated the call.
Pharming. With Pharming, hackers redirect you from a legitimate website to an imposter site where your personal information is harvested ("farmed"). Social networking sites are increasingly being targeted, so always be wary of open links- even from trusted friends- because their accounts may have been hacked.
A few tips for spotting risky emails and texts:
- Beware of subject lines and body copy that uses ominous or threatening language (e.g., "your credit card has been suspended").
- A lack of a personalized salutation or closing details (e.g. "Dear Valued Customer") may indicate a fraudulent message.
- Watch for typos, poor grammar, punctuation, capitalization consistency and other warning signs that it's not legitimate.
- Scroll your mouse over any embedded links before clicking to check for suspicious domain ending like ".be."
- Verify that an alert or request for information is legitimate by looking up the company's phone number and calling it yourself.
- Make sure your anti-virus or anti-spyware product is updated.
Here are some tips on how to prevent becoming phish bait:
- Never write down your Personal Identification Number (PIN)-memorize it.
- Never disclose PIN numbers to anyone.
- Report suspicious activities on your credit card or bank account to your issuing bank immediately.
- Don't share any personal information such as birth date or credit card information over the phone, through the mail, or over the Internet, unless you have initiated the call and know the business you are dealing with is reputable.
- Sign up for fraud alerts from banks, credit card issuers or investment companies to receive immediate notice of unusual or potentially illegal activity on accounts.
For more tips protecting personal and account information and preventing online fraud, visit:
- The Canadian Anti-Fraud Centre
- Visa Security Sense, which features tips on preventing fraud online, when travelling, at retail establishments and ABMs, via deceptive marketing practices, and more.
This article is intended to provide general information and should not be considered legal, tax or financial advice. It's always a good idea to consult a tax or financial advisor for specific information on how certain laws apply to your situation and about your individual financial situation.