In the past month I had two items occur that raised my phishing alert.
Phishing is a form of social engineering. Crooks frequently take advantage of the fact that people (1) like to be helpful and (2) make assumptions when someone calls or emails them and seems to be in authority. Then the crooks ask for information including passwords, social security numbers, phone numbers, you name it. The purpose of asking for this information is to gain access to company networks, personal accounts, get enough information to steal identities, you name it.
An ok email
The first item came through email. It said it was from a website for which I had written a blog post, asking me to update my information, including changing a password. The email did not come from the actual website. I emailed the people I knew from the site and they confirmed, yes, in fact the email had come from them. They also noted I had made a wise decision, checking first. So I checked, everything was ok, and I completed the form. All it took was a quick email to the person I knew from the site and waiting for a response. Maybe a minute of my time.
An attempt to steal my information and my money
The second came through my cell phone. The person on the other end of the call claimed to be from a credit card company with whom I have a card. He said he was calling to update my information with that particular company. At first I had the usual human urge to respond, but then I stopped myself and said, I don’t provide that information over the phone and I hung up.
That night I checked in with the credit card company in question. Sure enough, they hadn’t called me. The company thanked me for letting them know, asked for the phone number from which the call came, and told me they would research the issue.
No doubt the individual calling, once he got me to start giving information, would have pushed me along in an effort to get as much information as he could, including my social security number. Whatever information I gave him would have gone a long way to helping him steal from me and the credit card company.
Most likely the scammer got my information from the Epsilon security breech that occurred back in April. That breech provided crooks all the information they needed for phishing efforts. I imagine the scammers decided to hold off for a few months, waiting for the news to die down. Well, it has and people aren’t going to be on high alert any more. They should be though. During the time I was on the phone I could hear other people talking in the background. This means that the scammers have set up a whole call center and are working the phones trying to get your information. And this is just one group. No doubt there are many more.
Conclusion
It never hurts to check before you provide information to anyone. If someone else initiates a call or an email, always check with the site or company before you provide that information. And make 100% sure that you communicate with the correct person, site or company. In other words, don’t just click on a link in the email or call back a number provided by the person calling. Make sure you go through official channels.
It doesn’t take very long to make sure you are communicating with a legitimate organization. On the other hand, the ramifications of giving out information to crooks can be extremely serious. Your credit can be destroyed and/or your identify stolen. Preventing this from occurring is certainly worth a few minutes of your time. And if you don’t want to take the time to confirm that the company contacting you is legitimate, just don’t answer the questions at all.