“Smishing” Self-Defense: How to Prevent Trouble that Comes in Text Messages

Photo credit: iStock/Natali_Mis

Each day, about 20 billion text messages are sent to two billion smartphone users worldwide. Most of these texts are opened within three minutes, and many within a few seconds.

The massive number of text messages and their rapid-fire response rate – by comparison, only one in four email messages are opened within 10 minutes of arrival – amounts to unbridled opportunity for fraudsters exploiting the du jour device for deception: the pocket-held computer that also happens to make phone calls which many of us carry or have nearby 24/7.

Called “smishing” (named after Short Messaging Service technology that sends text messages), it’s an attempt to trick you into revealing private information via SMS or text message. Angling for credit and debit card numbers, PINs, usernames and passwords, even Social Security numbers, smishing texts often purport to be from a government agency, your bank or other respected companies. Typical ploys allege a problem with your account; promise free gift cards; offer low-cost merchandise, mortgages and credit cards; and click-bait like customer satisfaction surveys that lure you to open imbedded links or attachments that can also harbor malware. Today, nearly half of clicks on malicious URLs are made from mobile devices – more than doubling the long-running rate of 20 percent, notes cyber security firm Proofpoint.

Although smishing has been around since last decade, it’s on the rise – and increasingly even more dangerous. Studies show that the rate of text spam specifically designed to defraud is seven times higher that of spam arriving by email. And with small screens and the inability to hover a mouse to preview a link, it’s harder to spot text-sent trouble. Your smishing self-defense:

  • Don’t reply to text messages from senders you don’t recognize. Even sending a “remove,” “stop” or “opt-out” response tells SMS senders that your mobile number is active, and ripe for more messages. Be especially wary of texts from a “5000” or other shortened number (versus a complete 10-digit phone number) indicating the message is actually an email sent to a phone.
  • Never reply to text messages asking you to “confirm” or provide personal or financial information. Legitimate companies don’t text requests for account numbers, log-in details, and other sensitive data. Government agencies don’t correspond by text (and are unlikely to even have your mobile phone number).
  • Slow down. Most people instinctively deal with text messages ASAP – and smishing scams work best when creating a false sense of urgency. Rather than calling back numbers provided in text messages (doing so is another tipoff of your working cell number), take a few minutes to verify the actual contact numbers of legitimate business that may need to contact you.
  • Forward suspicious text messages to short code 7726 (which spells “SPAM” on your keypad), which allows cell phone carriers to identify and block smishing messages.
  • Be stingy with your cell phone number. Don’t post it online, on social media, or provide it for contests, surveys, touted “deals” or “free trial”
  • If you haven’t already, install anti-malware software on your Android phone; some products also can block smishing texts. (Apple’s iPhones have built-in protection.) When you receive a bona fide notification of an upgrade to your phone’s software, install it immediately.
  • Keep tabs of your phone bill, looking for suspicious charges – even if you don’t respond to unknown texts.

For information about other scams, sign up for the Fraud Watch Network. You’ll receive free email alerts with tips and resources to help you spot and avoid identity theft and fraud, and keep tabs of scams and law enforcement alerts in your area at our Scam-Tracking Map.

In general, you don’t want to reply to text messages from people you don’t know. That’s the best way to remain safe. This is especially true when the SMS comes from a phone number that doesn’t look like a phone number, such as a “5000” phone number. This is a sign that the text message is actually just an email sent to a phone.

You should also exercise basic precautions when using your phone. Don’t click on links you get on your phone unless you know the person sending them. Even if you get a text message with a link from a friend, consider verifying they meant to send the link before clicking on it. A full-service Internet security suite isn’t just for laptops and desktops. It also makes sense for your mobile phone. A VPN such as Norton WiFi Privacy is an advisable option for your mobile devices. This will secure and encrypt any communication taking place between your mobile device and the Internet on the other end. Never install apps from text messages. Any apps you install on your device should come straight from the official app store. These programs have vigorous testing procedures to go through before they’re allowed in the marketplace. Err on the side of caution. If you have any doubt about the safety of a text message, don’t even open it.

Source link

2 New Twists in IRS Impostor Scams

2 New Twists in IRS Impostor Scams

Photo credit: iStock/max-kegfire

Despite crackdowns that busted several crime rings and resulted in scores of arrests in what reigned as the top scam for three consecutive years, IRS impostors are still going strong, launching two new twists in their long-running schemes that have already bilked U.S. taxpayers of at least $55 million since 2013.

In one ploy scammers posing as IRS agents are phoning citizens about a supposed tax debt, but are now claiming that the agency has already mailed them two certified letters about overdue taxes and that those letters were returned as “undeliverable.” In these phone calls, fraudsters threaten immediate arrest unless immediate payment is made — with a prepaid debt card only.

Swindlers falsely claim that prepaid debit cards are required to be linked to the government’s Electronic Federal Tax Payment System (EFTPS), an automated system for paying federal taxes electronically using the internet or by phone using the EFTPS voice response system. EFTPS is offered free by the U.S. Treasury Department and does not require the purchase of a prepaid debit card. And because this system is automated, taxpayers won’t receive a call from the IRS, the agency notes.

The other new ploy, revealed last week, targets tax preparers with bogus emails “seeking extensive amounts of sensitive preparer data” that the IRS warns could enable scammers to steal client data and to file fraudulent tax returns. These bogus emails, purportedly from a major tax software education provider in the U.S. (which the IRS did not identify), claim that problems with its database require accountants and other tax preparers to provide an extensive amount of sensitive information.

In addition to professional identifiers such as the preparer’s electronic filing information number and preparer tax identification number, these fake emails, which may originate in the U.S., seek preparers’ log-in credentials, answers to secret security questions, birth dates, Social Security numbers, even mothers’ maiden names. “The email is unusual for the amount of sensitive preparer data that it seeks. The IRS reminds all tax professionals that legitimate businesses and organizations never ask for usernames, passwords or sensitive data via email. Nor should a preparer ever provide such sensitive information via email if asked.”

As IRS impostor scams continue, your defense plan stays the same. No matter what new ruse follows — or what threats or claims are made — avoid being a victim by keeping in mind these telltale indicators of what scammers do but the IRS will not.

  1. Telephone or email to demand immediate payment, or call about taxes owed without first having mailed you a bill. Although the IRS now uses private debt collectors, those four companies (CBE Group, ConServe, Performant and Pioneer Credit Recovery) chase only extremely delinquent taxpayers after several past-due notices have been mailed. And unlike scammers, those collectors will not identify themselves as IRS agents.
  2. Demand a specific payment method such as prepaid debit card, gift card or wire transfer. The IRS does not use these methods for tax payments.
  3. Request that tax payments be made to a third party. All federal tax payments should be made payable only to the U.S. Treasury.
  4. Ask for credit or debit card numbers over the telephone.
  5. Threaten to immediately bring in local police or other law enforcement groups to have the taxpayer arrested for not paying.


When in doubt about claims you owe taxes, contact the IRS at 1-800-829-1040. If you know you don’t owe taxes or have no reason to believe that you do, report requests for payment (and scam calls and emails) to the Treasury Inspector General for Tax Administration at 1-800-366-4484 or at www.tigta.gov.

For information about other scams, sign up for the Fraud Watch Network. You’ll receive free email alerts with tips and resources to help you spot and avoid identity theft and fraud, and keep tabs of scams and law enforcement alerts in your area at our Scam-Tracking Map.

Source link

New Trends in Cyber Scams

New Trends in Cyber Scams

Photo credit: iStock/BrianAJackson

According to the cyber security company, Symantec – known for their Norton and LifeLock products – cyber criminals reached “new levels of ambition” last year.

Below are some key highlights of their 2017 Internet Security Threat Report.

Deemed “the weapon of choice,” one in 131 emails sent in 2016 contained a malware-laden link or attachment – the highest rate in five years. Malicious email is “a proven attack channel,” reports Symantec. “It doesn’t rely on vulnerabilities, but instead uses simple deception to lure victims into opening attachments, following links, or disclosing their credentials.” Burgeoning trends in what awaits in your inbox:

  • Spear-phishing attacks aimed to defraud specific people rather than more widely distributed generic messages. Often disguised as routine correspondence such as invoices or delivery notifications, one spear-phishing campaign – spoofed emails instructing targets to reset Gmail account passwords – provided access to Hillary Clinton’s campaign chairman John Podesta’s account and resulted in hacked emails revealed by WikiLeaks during the 2016 presidential election.
  • Business email compromise (BEC) scams, which rely on carefully composed spear-phishing emails that target more than 400 companies each day, scamming more than $3 billion over the last three years.
  • A growing proportion of spam – roughly 53 percent of all emails sent – now contains malware.

Often initiated by email, ransomware attacks increased 36 percent worldwide in 2016 to seize control of personal computers and institution-wide networks, encrypting hostage files to make them inaccessible until a ransom is paid for their release. Termed by Symantec as “the most dangerous cyber crime threat facing consumers and businesses in 2016,” the company identified 101 new “ransomware families” last year – tripling previous numbers.

Another three-fold increase: The demanded ransom amount – an average of $1,077 per victim compared to just $294 in 2015. The U.S. is the most targeted and lucrative market, says Symantec, with 64 percent of American victims willing to pay a ransom to regain their files, compared to 34 percent globally.

Data Breaches
Although the total number of data breaches decreased last year – 1,209 compared to 1,211 in 2015 and 1,523 in 2014 – they now have a bigger impact. Symantec says that last year, some 1.1 billion identities were exposed, an average of 927,000 per attack; that’s twice the 2015 rates on both counts. In 2016, there were 15 individual breaches in which more than 10 million identities were exposed, up from 13 in 2015.

“Smart Home” Devices
With weak factory-issued default passwords that are rarely changed (or can’t be), smartphone app-controlled household devices including thermostats, security cameras, door locks, sprinkler systems and even coffee makers are a worrisome new frontier in computer crimes. Such Internet of Things (IoT) gizmos are already in millions of Americans homes, with predictions that some 50 billion devices will be employed by decade’s end.

Already, millions IoT devices have been hacked, typically enlisted as soldiers in a botnet army that, last October, temporarily knocked offline top websites including Amazon, PayPal, Netflix and Twitter. Some experts suspect this was a test attack to gauge (and prove) their vulnerabilities.

Most often hacked are IoT devices with these passwords, so if you can change them, do so ASAP: “Admin” and “root” lead the list in attempts to log in to the Symantec honeypot (a security technique used to attract swindlers and learn their practices), followed by “123456,” “12345,” “password,” “1234,” “admin123,” “test,” and “abc123.” The default password for the Ubiquiti brand of routers – “ubnt” – was also in the top 10, reinforcing the wisdom of having a unique (and strong) password for your home router as well as each smart home device.

For information about other scams, sign up for the Fraud Watch Network. You’ll receive free email alerts with tips and resources to help you spot and avoid identity theft and fraud, and keep tabs of scams and law enforcement alerts in your area at our Scam-Tracking Map.



Source link

What to Know About the Top Summer Scams

What to Know About the Top Summer Scams

As temperatures rise, so do certain scams. Here’s how to avoid getting burned in summer’s most common cons:

Home Repairs
Conning contractors typically come to your home unexpectedly, offering steep discounts on driveway resurfacing, roof work, tree trimming or other “necessary” repairs they happen to see while driving by or soliciting business door-to-door. Most seek an upfront payment to “go buy materials” and then disappear. Others do fast and faulty repairs (like spreading used motor oil to coat driveways) or may stop mid-job to extort more money … or find subsequent chores to continue the wallet-draining. What to know:

  • Good contractors are usually too busy to make unsolicited house calls; out-of-state license plates suggest fly-by-day “gypsy travelers” who spend summers going state to state to con elderly homeowners.
  • Despite scare tactics urging immediate repairs, most home repairs can wait until you get several bids from contractors. Get recommendations (and check results) from neighbors, building officials and lumberyards/plumbing/electrical supply shops where pros shop.
  • Don’t pay until the job is complete. Reputable contractors have credit lines to buy materials, although a deposit may be required for major projects like replacing a roof, windows, etc.


Vacation Rentals
Angling for upfront payment (usually by wire transfer or prepaid debit card), scammers steal photos and descriptions of properties from Realtor, hotel or vacation rental websites, and then clone the ads, offering supposed hot-spot “rentals” at discounted prices. What to know:

  • Before answering ads, Google the address, as well as names, emails and phone numbers of the supposed landlord or agent. Also cut and paste into a search engine large chunks of the descriptive text. Red flags include the property is actively up for sale (not for rent), a nonexistent address, an address listed for a business or other nonresidential property, and/or postings by people who fell victim to this particular scammer.
  • Don’t rely solely on email correspondence. Many rental scams are carried out by Nigeria-based scammers (so beware of poorly written ads). You’ll want to talk by phone; beware of foreign accents and area codes that don’t correspond with that of the property’s location.
  • Travel reservations and deposits should be made with a credit card or PayPal — never with a wire transfer or prepaid debit card.


Door-to-Door Sales
Summer and fall are prime time for all types of salesmen to come knocking — literally. Some may be legit but others are not. Magazine sales, often touted as a fundraiser, are especially popular bait preying on older Americans; other popular pitches are for bogus charities, home security systems, even overpriced household devices such as vacuum cleaners. What to know:

  • Just say no to strangers. Prices of magazine subscriptions sold door to door, for instance, are often marked up about 300 percent. Legitimate salespeople and fundraisers will have “leave-behind” material to review before opening your wallet.
  • If you do make a purchase and have regrets, act quickly. The FTC’s “Cooling-Off Rule” dictates a three-day cancellation allowance for a full refund on purchases over $25. Legitimate salesmen must reveal this rule during their pitch; if they don’t, assume it’s a scam.
  • Don’t allow sales reps into your home. Asking for a drink of water or to use your bathroom is a popular way to steal medications, purses and other grab-and-go items.


Two of three moves occur in the summer, and thousands each year end this way: After a moving company quotes a reasonable (if not lowball) offer, after the truck is loaded, the quoted price jumps sky-high, and belongings may be held hostage until customers pay the extra money. What to know:

  • Stick with known companies. Most rip-off rogues are movers who advertise on Craigslist or crude roadside signs. Visit protectyourmove.gov and verify a company’s licenses and complaint history.
  • Pass on any mover who won’t do an on-site inspection of your goods (instead giving a sight-unseen estimate), won’t provide a written estimate or says workers will determine the price after loading, demands a large deposit before the move, or asks you to sign blank or incomplete documents. Those red flags indicate a scammer.
  • Moving boosts your risk of identity theft. Know how to protect yourself before, during and after a move.


For information about other scams, sign up for the Fraud Watch Network. You’ll receive free email alerts with tips and resources to help you spot and avoid identity theft and fraud, and keep tabs of scams and law enforcement alerts in your area at our Scam-Tracking Map.


Source link

‘Found’ Money for a Fee? Beware of New Surge in Unclaimed Property Scams

‘Found’ Money for a Fee? Beware of New Surge in Unclaimed Property Scams

A longtime scam is back with a vengeance: Claims that state officials are holding money or property that belongs to you, and all you need to do is pay a fee to claim it.

Actually, the first part could be true. You could be entitled to a slice of some $43 billion in “unclaimed property” that sits in state treasuries – money from forgotten bank accounts, insurance policies, stock dividends, utility security deposits, even contents from abandoned safe deposit boxes.

But you don‘t have to pay anyone to get it. The only cost is spending a few minutes at www.MissingMoney.com, www.Unclaimed.org, or websites of the treasurer’s office in each state where you lived.

Ignore “pay-for-payment” requests that come via mailed letter, email or telephone calls because they are from scammers, and reports about the come-on cons have increased ten-fold this year compared to 2016…and in recent weeks, have exploded in many parts of the U.S.

There are several variations in unclaimed property scams, each angling for personal information (that could be used for later identity theft) and upfront payment to secure missing money that, if actually awaits you, can always be claimed for free:

  • Fraudsters lie about being an employee or affiliate of a State Treasurer’s office where you currently live, or a state where you previously resided.
  • Fake correspondence comes on letterhead from the National Association of Unclaimed Property Administrators (NAUPA), a legitimate organization that represents state unclaimed property programs but does not directly contact citizens.
  • Self-described “finders” or “locators” who say they have already located your missing money or will do the legwork on your behalf. Some are legal but unnecessary middlemen who charge commissions up to 40 percent (although some states cap allowed fees at 10 percent); others are crooks who do nothing more than collect your payment and personal information – including Social Security number – to direct you to publically available websites…if they do anything at all.

Most targets in unclaimed property scams are chosen randomly. Fraudsters buy mailing lists to reach hundreds or thousands of citizens with the same bogus claim. (Last year, it was a letter claiming to be from NAUPA or the “Office of the State Treasurer” that falsely stated that recipients had unclaimed sweepstakes winnings whose allocation would require a $2,250 service fee.)

But for a more convincing con, some would-be victims are contacted after fraudsters search MissingMoney.com or Unclaimed.org to unearth specific details such past addresses or actual entitlements.

In addition to those two websites, DIY (and no-cost) due diligence for other missing money can be done for:


All of these websites will require your Social Security number and other sensitive information. But unlike scammers, you will not be asked for bank or credit card information. Don’t reveal personal information unless you initiate contact with these agencies or use their websites.

For information about other scams, sign up for the Fraud Watch Network. You’ll receive free email alerts with tips and resources to help you spot and avoid identity theft and fraud, and gain access to a network of experts, law enforcement and people in your community who will keep you up to date on the latest scams in your area.

Also of Interest


Photo Credit: iStock/Pogonici

See the AARP home page for deals, savings tips, trivia and more.

Source link

Most Likely to Be Scammed? Not Seniors, but Millennials

Most Likely to Be Scammed? Not Seniors, but Millennials

Gray-haired folk have long held “most scammed” status, but it may be time to pass on that unfortunate legacy. While the retirement-aged are targeted most often, increasing data shows that it’s millennials — our children and grandchildren ages 18 to 35 — who are most likely to lose money to fraudsters. Consider these recent findings:

Phone scams. About 1 in 10 American adults lost an estimated $9.5 billon to phone scams last year. Leading the pack were millennial men between ages 18 and 34, who were three times more likely to be victimized than the overall population, reports mobile communications company Truecaller, which offers a spam-blocking phone app. Its Harris-conducted survey of 2,000 adults finds that 33 percent of male mills report losing money to phone scammers; that compares to just 3 percent of males between ages 55 and 64 and 1 percent of men 65 and older. Meanwhile, some 11 percent of female millennials got duped, four times the rate of women 55 and older.

IRS imposter scams. Among the scariest and most successful phone scams: calls from self-described IRS agents threatening arrest, property seizure or deportation. Although millennials are less likely than Gen Xers (born between 1965 and 1984) or boomers (born 1946 to 1964) to receive tax scam calls, they are six times more likely to reveal credit card and Social Security numbers and other sensitive information, finds another just-released survey of 1,000 adults. Roughly 17 percent of millennials confessed that they had forked over ID theft-worthy details to mystery callers who could cite the last four digits of their Social Security number (as tax scammers often do), compared to only 3 percent of Gen Xers and 2 percent of boomers.

Job scams. Overall, about 1 in 6 job seekers have been scammed while searching for work online, and the highest gotcha rate is among that generation considered the most tech-savvy — millennials. In a 2015 survey of 2,600 American adults, job-search website FlexJobs finds that 20 percent of millennial job seekers got scammed, compared to 13 percent of those in their 60s.

Tech support scams. Millennials, especially men between 18 and 35, are the most often targeted and leading scammer-paying victims tricked by phony pop-up ads or alerts warning of a crippling computer virus. The top danger zone to snag most-duped male mills in these tech support scams: porn websites.

Everyday fraud. In its own research of more than 2,000 adults last year, the Better Business Bureau finds that some 30 percent of those between ages 25 and 34 lost money to scammers; it’s only single digits among those 55 and older.

What explains these trends? As experts continue to study the “whys,” the leading theories:

  1. We’re better prepared. Older is wiser — at least when it comes to recognizing that we’re vulnerable to scams. And heeding news, advice and warnings by AARP’s Fraud Watch Network and others, we are better able to spot scams and act accordingly. Tracking some 30,000 consumers targeted in different schemes, the BBB finds that nearly 9 in 10 seniors recognized the scam in time, with only 11 percent reporting they lost money. Millennials, meanwhile, lose money three times more often, likely being duped because they are clueless or could care less about educating themselves to prevent scams.
  2. Millennials think they’re invulnerable. Ask mills to describe the typical scam victim and their usual reply: an elderly, naive woman with less income and education. (The reality is younger college graduates have the highest gotcha rates.) While scam-savvy oldsters know that anyone is vulnerable, some researchers believe that millennials are most likely to have an “invulnerability illusion” — the belief that other people are more vulnerable than themselves. That mindset leads to more impulsive decision-making.
  3. They overuse and overtrust technology. Raised with the internet and cellphones, the average millennial, studies say, spends about 18 hours per day using some type of digital media. Because they are so familiar and comfortable with technology, defenses (and common sense radar) can take a back seat. Compared with other age groups, millennials are more likely to be careless with their tech — such as not using passwords to lock computers and cellphones and accessing financial accounts and doing online shopping on risky public Wi-Fi.
  4. They overshare. Tweets about breakfast. Selfies over lunch. Millennials love to share their lives online with who-knows-who, and that often includes details best kept private — names, birth dates, likes and dislikes, and other personal information that could be used for identity theft and scam-targeting sucker lists. Promise them a prize or other “tangible benefits,” and the majority of millennials willingly share their personal information with even unrecognized online askers. And guess which age group, says online security firm Norton, most likely willy-nilly shares their computer and cellphone passwords? No surprise (again): those between 18 and 34.


For information about other scams, sign up for the Fraud Watch Network. You’ll receive free email alerts with tips and resources to help you spot and avoid identity theft and fraud, and keep tabs of scams and law enforcement alerts in your area at our Scam-Tracking Map.

Photo: iStock/Zinkevych

Also of Interest


See the AARP home page for deals, savings tips, trivia and more.

Source link

Pin It on Pinterest