How to catch a 'Phish'
Their names may sound funny but their financial consequences are not: "Phishing," "smishing," "vishing" and "pharming" are just a few of the ways criminals gain access to personal information via your computer or smartphone. If you're not careful, identity thieves can use harvested information to open fraudulent bank or credit card accounts, take out loans, rent apartments or even charge medical procedures to your insurance plan.
Unfortunately, every time the authorities plug one hole, crafty criminals figure out new ways to trick unsuspecting victims. Here are some identity theft scams to watch out for:
Phishing: This is where you receive an email, purportedly from a trusted source like a government agency, bank or retailer that asks you to supply or confirm account information, log-in IDs or passwords. These imposters are "fishing" for your personal information. Legitimate organizations never ask you to verify sensitive information through a non-secure means like email.
Smishing (for "Short Message Service"): Like phishing, only it uses text messages sent to your cellphone. Even if you don't share any information, just by responding you're verifying that your phone number is valid, which means it probably will be sold to others who will try to trick you into their own scams.
Vishing (voice phishing): Where live or automated callers direct you to call your bank or credit card issuer under the pretext of clearing up a problem (like theft or overdrawn accounts). You'll be asked to share personal or account information. Keep a list of toll-free service numbers for all companies you use so you can call them directly without fearing you've been given bogus information. I also program these numbers – but not account numbers – into my cell phone in case I'm traveling.
Pharming. Where hackers redirect you from a legitimate website to an impostor site where your personal information is harvested ("farmed"). Social networking sites like Facebook and Twitter increasingly are being targeted, so always be wary of opening any links – even from trusted friends – because their account may have been hacked.
A few tips for spotting risky emails and texts:
* Although the "From" line may appear to be from a valid company email address, that's easy for fraudsters to mimic (called "spoofing").
* Beware of subject lines and body copy that use ominous or threatening language (e.g., "Your credit card has been suspended").
* Lack of a personalized salutation or closing details (e.g., "Dear Valued Customer").
* Watch for typos, poor grammar, punctuation, capitalization consistency and other warning signs it's not legitimate.
* Scroll your mouse over any embedded links before clicking to check for suspicious domain endings like ".be."
* Verify that an alert or request for information is legitimate by looking up the company's phone number and calling it yourself.
* Make sure your anti-virus and anti-spyware software is current.
For more tips protecting personal and account information and preventing online fraud, visit:
* The National Cyber Security Alliance's www.staysafeonline.org.
* The FBI's Be Crime Smart page, which highlights the latest scams and tells you how to report crime and fraud (www.fbi.gov/scams-safety).
* Visa Inc. offers VisaSecuritySense.com, which features tips on preventing fraud online, when traveling, at retail establishments and ATMs, deceptive marketing practices, and more.
And finally, don't forget good-old-fashioned pickpocketing, mail theft and dumpster diving as ways people may try to steal your personal information.