Personal information threats don’t just come through email anymore. We’ve seen attempts coming through social media scams, text messages (smishing), and phone calls (vishing). These malicious frauds attempt to gain access to your account usernames and passwords, bank account information, credit card numbers, and other such personally identifiable information (PII). Most of the attacks seen on campus are still of the phishing variety, but it’s important to be aware of other potential threats. And keep in mind – your best line of defense is to use your common sense, and be wary of everything.
We all know not to send the African Prince our bank account information via email, but what about a friend stranded in an airport messaging you on Facebook? Believe it or not, this could be phishing too. So, what do you do?
Don’t click! Verify.
Do some research. Did that person post anything recently on Facebook about leaving for a trip or returning from a trip? If they posted just that morning about cuddling with their dog all day, then odds are they aren’t in Fiji at the moment. If you can’t find anything, then try texting, calling, or emailing this person. Avoid replying to the Facebook message. The phisher could use that to target you next.
If you are pretty sure that this is a phishing message, let the victim know. They should change their password immediately. Remind them to let others know this message was a scam before some poor soul falls victim to the scam. Next, report the message or post. Most social media platforms have an option to report a post for spam content. This will not hurt your friend; it will only let the social media platform know to check their security and protect your friend’s account.
What if it’s over text?
SMS phishing (smishing) will likely be easy to spot. Here’s a hint, don’t believe any of it. If it comes from a number you don’t recognize, then it’s probably not a message you want to open. Check to see:
- Is the website link misspelled or suspicious?
- Does it use a hidden link such as a bit.ly link?
- Is it vague and nonspecific?
- Are there spelling or grammatical errors?
Don’t click! Don’t respond!
Some hacker may include the familiar “Text STOP to stop receiving messages.” This may be another way to make them look more reliable. However, it can make you and your phone vulnerable. It is best to delete the message. If the spammer lures you in pretending to be your bank, call your bank with a number you trust. When you can, they can check if there is a problem with your account.
Talking about a trusted number…
Phishing scams can come over the phone too (vishing). A common scam you may have heard of is the “IRS calling.” Don’t give anyone your SSN number or any sensitive information over the phone without verifying their identity! The scammer may seem legitimate, but they may have stolen information about you from your social media platform to sound more convincing. Search for the number with a reverse phone lookup app or White Pages. Often there will be record of an IRS phone number, or more likely the spammer will have been reported under that number already.
Lastly, if you’re ever in doubt, just ignore it. Your bank will call again. The IRS will send you a letter. Your friend will make it home from Fiji safely. That too good to be true vacation will probably never happen. It’s better to be safe than sorry.
Enjoy this brief video from Microsoft Safer Online on the importance of internet safety