Philly Daily ran my Crime Beat column today on phishing and other online scams.
You can read the column via the link below or the following text:
Davis: Gone phishing — Online scammers are looking to put a hook in you - Philly Daily
While taking a walk through my South Philadelphia neighborhood on a fine day with a fine cigar last week, I ran into a man who works in the computer security field.
Knowing that I write a column about crime, he spoke to me about the various computer scams that crooks are using to con people out of their money these days.
A couple of days later I thought of our conversation when I read the Pennsylvania Attorney General’s alert about “Phishing” scams.
On May 7th the Attorney General put out an alert notice that asked Pennsylvania residents if they had ever received an email invitation to an event, conference, or birthday party from a friend or acquaintance using a digital invitation or a social planning platform.
“Attorney General Dave Sunday (seen in the above photo) is alerting Pennsylvanians of a new scam in which consumers receive email invitations from compromised accounts belonging to friends or acquaintances. These emails often include a link prompting recipients to view the invitation and RSVP,” the notice stated.
The alert notice explained that when clicking the link, users may be asked to log in or connect using a Google, Apple, Microsoft, or similar online account. Doing so can result in malware being installed on your device or your email credentials being stolen. Legitimate invitation platforms will not require you to sign in simply to view an invitation.
“Scammers are constantly evolving their tactics to appear more credible and trustworthy,” Sunday said. “If you receive an unexpected invitation that requires you to log in or provide personal information, take a moment to verify it directly with the sender – that extra step can protect your personal data and prevent serious harm.”
The Attorney General’s Office explains how to spot these scams:
- Verify the invitation with the sender of the email via a text or telephone call.
- Legitimate invites will never ask you to enter a password and rarely will ask you to download anything.
- Hover over links to confirm they lead to a legitimate website – if you’re unsure, do not click.
- Be cautious of generic invites.
The Attorney General’s Office offers advice on what to do if one thinks that their email may have been compromised:
- Change your email password immediately.
- Enable two-step authentication for your email account.
- Report email to your provider as a phishing attempt or scam.
“Consumers with any questions or believe they may have been involved in a scam should contact the Office of Attorney General’s Bureau of Consumer Protection by visiting the website, by emailing scams@attorneygeneral.gov or by calling the office at 1-800-441-2555.”
On a national level, the FBI warns that “phishing schemes often use ‘spoofing’ techniques to lure you in and get you to take the bait” (as phishing is akin to fishing, get it?).
“These scams are designed to trick you into giving information to criminals that they shouldn’t have access to,” the FBI explained. “In a phishing scam, you might receive an email that appears to be from a legitimate business and is asking you to update or verify your personal information by replying to the email or visiting a website. The web address might look similar to one you’ve used before. The email may be convincing enough to get you to take the action requested.”
But once you click on that link, the FBI warns, you’re sent to a spoofed website that might look nearly identical to the real thing - like your bank or credit card site - and asked to enter sensitive information like passwords, credit card numbers, banking PINs, etc. These fake websites are used solely to steal your information.
Phishing has evolved and now has several variations that use similar techniques:
- Vishing scams happen over the phone, voice email, or VoIP (voice over internet protocol) calls.
- Smishing scams happen through SMS (text) messages.
- Pharming scams happen when malicious code is installed on your computer to redirect you to fake websites.

- Remember that companies generally don’t contact you to ask for your username or password.
- Don’t click on anything in an unsolicited email or text message. Look up the company’s phone number on your own (don’t use the one a potential scammer is providing) and call the company to ask if the request is legitimate.
- Carefully examine the email address, URL, and spelling used in any correspondence. Scammers use slight differences to trick your eye and gain your trust.
- Be careful what you download. Never open an email attachment from someone you don’t know and be wary of email attachments forwarded to you.
- Set up two-factor (or multi-factor) authentication on any account that allows it and never disable it.
- Be careful with what information you share online or on social media. By openly sharing things like pet names, schools you attended, family members, and your birthday, you can give a scammer all the information they need to guess your password or answer your security questions.
Paul Davis’s Crime Beat column appears here each week. He is also a contributor to Broad + Liberty and Counterterrorism magazine. He can be reached via pauldavisoncrime.com.