Phishing, Smishing, and Spoofing
| 4 min read
We’ve seen an uptick in scams through text, email, and direct messaging that urge users to click on a link that facilitates malware or fraud. Some of these deceptive communications are so sophisticated, even the most vigilant are second-guessing whether that text they got was real or not. Here are some of the latest tactics.
Glossary:
Phishing: Sending emails purporting to be from reputable companies to induce individuals to reveal personal information, such as passwords and credit card numbers
Email Spoofing: The term applies to email purporting to be from an address which is not actually the sender’s; mail sent in reply to that address may bounce or be delivered to an unrelated party whose identity has been faked.
SMS Spoofing: Using SMS technology to replace the originating mobile number (Sender ID) with alphanumeric text. This technology, when used maliciously, impersonates another person, company, or entity.
How the Scam Works
Phishing scams usually attempt to extract sensitive information by getting you to click on a link and share your personal information, believing you are interacting with an organization you trust.In spoofing texts or emails, the sender details (name, phone number, etc.) are changed ever so slightly to make them seem legitimate. For example, they may change an upper-case “I” to a lower-case “L” so that visually it looks correct (can you see the difference between l and I?).
Spoofing is all about impersonation. Cyber criminals impersonate a trusted contact or a reputable company. For example, you may seem to get a text from Vantage West alleging suspicious activity on a credit or debit card asking for details to verify your account, such as your social security number. Providing these details allows scammers to collect confidential account information that can be used for theft or fraud.
Or you may receive what looks like a genuine text from Vantage West stating you have a pending order with Amazon, with a link to cancel the order (see image). Clicking the link leads to a website where malware is downloaded onto your phone to extract sensitive information.
Other attempts to get you to click a link may include claiming you’ve won a prize, have been overcharged on a bill, are owed a refund on an overpayment, or that there’s a problem with a recent purchase or transaction. It is important that you do not click on suspicious links, as even the click itself can do damage.
Attackers are clever; they target people who are waiting for delivery confirmations or who have bank transactions that are still pending. They use these otherwise valid details to create a false “problem” that preys on fears around finances and fraud, prompting the user to act with a sense of urgency.
Always react to communications such as emails and texts with caution. Don’t click on a link if you are at all suspicious. If something looks phishy, it probably is. In the case of receiving a phone call, don’t be afraid to hang up and call back the official number directly. Never give your personal information out to an unfamiliar person who contacts you directly.
Red Flags to Look For
Fortunately, there are best practices that can help you identify a scam and avoid becoming a victim. If you receive a text about suspicious activity regarding your Vantage West accounts, do not react immediately (i.e. do not click the provided link or respond in any way) and keep these tips in mind:
- Check the URL provided in the link. If it does not match our website exactly, do not click the link.
- If the text uses urgent, fear-based language, or encourages you to give out a password, social security number, or any other sensitive information, do not respond.
- Vantage West will NOT ask for your PIN number.
- Vantage West will NOT ask for the three-digit security code on the back of the card.
- Vantage West will NOT ask you for a verification code texted to your phone. (Please note that text message verification codes are always sent for your private use. The text messages themselves state not to share the code with anyone, and that includes Visa or Vantage West representatives.)
- If a caller makes you feel suspicious or unsure, hang up and call Vantage West at 800.888.7882, contact us through Live Chat, or stop by a branch.
- If you’re sure a text is a scam, delete it right away. You can also change the settings in your phone to filter out unknown senders or block numbers
What to do as a Victim of a Scam
If you believe you are a victim of a spoofing scam, reach out to us immediately at 800.888.7882 or stop by a branch to file a fraud claim. Victims are also encouraged to file a complaint with organizations that protect consumers and prosecute scammers for their crimes. Spoofed calls can be reported to the Federal Trade Commission and the Federal Communications Commission. These agencies have the authority to enforce federal laws that regulate caller ID spoofing, autodialed calls, and interstate fraud perpetrated over the phone. They may not be able to investigate individual cases, but reports can help them collect evidence for lawsuits against scammers.