“Phishing"—as in fishing for confidential information—refers to a broad scam that involves crooks using email to steal personal and/or financial information. They are seeking to discover user names, passwords, bank account numbers, Social Security numbers, credit card numbers, expiration dates, PIN numbers, billing addresses and telephone numbers.
Phishing could involve an email with what appears to be the actual logo of a bank or company in which the criminals try to capture the attention of a consumer. It may cause concern, or even a small panic, by saying an account was hacked or closed—and then requesting the individual to provide information about that account.
“Smishing” is phishing through messages via formats such as text messages, WhatsApp, WeChat and other message platforms.
“Vishing” is when voice-recorded messages via phone calls are used to lure in unsuspecting residents.
“The only way that this type of scam will work is if a person willingly or accidently gives the scammer access to their information,” said OCP Director Eric Friedman. “Although people say they would never fall for a fictitious attempt to get their information, the criminals are very good at making themselves appear legitimate.”
One way to carefully check the information is to call a known legitimate consumer information number to confirm what was sent in the email—or learn that it was a criminal attempt. Do not immediately reply to a suspicious email, text or call to a number they provide.
The County Office of Consumer Protection offers the following tips on how to avoid being hooked by a phishing attempt:
- Scams may look like they are from a company a person knows or trusts. If you receive an unsolicited e-mail or instant message that requires providing personal information, do not respond. Instead, contact the organization directly.
- Scams often tell a story to trick consumers into clicking on a link or opening an attachment. If a link or attachment is provided in an unsolicited e-mail or instant message, do not click on the link or open the attachment. The link provided could take the potential victim to a fake—but realistic looking—"mirror" site or will download a virus or malware that will steal passwords, account information and money. The same virus and malware downloads can be hidden in pictures, PDFs or other attachments.
- Scammers may have trouble with written English. Be especially wary of emails or websites that have typos or other obvious mistakes. Look for extra exclamation points, accents and other slight tweaks to logos and company names.
- Scammers spoof the legitimate business’s email address. Always hover over the sender’s email address to see from where it is really coming.
- Scammers ask for information a legitimate business already has. No financial institution or legitimate business will contact a person and ask for sensitive information such as account numbers, Social Security numbers or PINs.
- Be very careful in using gift cards, since payments with gift cards are hard to trace if provided to a scammer. For example, if a person is contacted by someone saying they are from a utility company and service is to be disconnected unless a payment is sent via a gift card, this is clearly is a scam and the funds will never be recovered.
Scammers, in their attempts to seem legitimate, often provide consumers with a phone number or email address for verification—although they are just referring the consumer to a colleague who is part of the scam. OCP advises not to trust contact information you do not find on your own.
If a consumer suspects, or determines, a website is not legitimate, contact the FBI’s Internet Crime Complaint Center. Complaints about phishing, smishing and vishing also can be filed with the Federal Trade Commission. Suspected phishing emails additionally can be forwarded to the Anti-Phishing Working Group at reportphishing@apwg.org and smishing text messages can be forwarded to SPAM (7726).