Smartphone Phishing, Smishing and Vishing Scams Can Empty Your Bank Account

Phishing: The original crime with fake e-mails

Phishing came first when fake emails fooled people into giving up information about themselves. Phishing is done by sending emails or messages that are identical to emails sent by a bank, credit card company or other financial institution.

The victim is told that something is wrong with the bank account and is ordered to click on a link that is provided in the message. The link goes to a website that looks exactly like the sign in page for the bank or other account. After entering password and other information, the victim either gets no results or is told that all is well, but here is what really happened:

That phishing victim just gave full bank or other account access to total crooks and strangers! These people definitely intend to loot the bank accounts or to commit identity theft.

Phishing with "Spoof Sites"

Phishing has also been accomplished through "spoof sites". These are sites that are set up with web addresses that had imperceptible errors. A person searching for "babk of america" would find babk of america and click on the link without noticing the error.

The site would have the exact same login screen and other features, but is only set up to collect access information. Eventually spelling errors and other problems would give these sites away.

Convincing spoof sites have also been set up for entering Social Security Administration, IRS, EBay, PayPal and other information.

Google Search has joined the battle against spoof sites. Google search will correct the spelling for the web searcher, and will present the truest websites at the top of the search results.

Phishing like the spies do it: or "Social Engineering"

Other forms of phishing can be as sophisticated as any con game or James Bond style of spying. Key accesses and files are stolen. Key people are approached and tricked into situations that allow them to be blackmailed. Most people know to shred financial and other sensitive documents. Many have learned to get secure mail boxes or to get post office boxes.

But few people are savvy enough to see through the new live in boyfriend or girlfriend.

Be aware that phishing criminals are persistent and will not stop finding ways to steal your information. They will not stop trying to fool you into interacting with fake banking or other websites. They will not stop with the "social engineering".

With Phishing, NEVER click on a link in a banking email or any other email from a financial institution. Use the bookmarked web address that you took from from a statement or bill.

When you set up that web address, use your notepad and carefully check each and every character. Then copy and paste to the address window.

Shred your sensitive documents and have a secure physical mailbox or a post office box. Think twice before ever giving up social security, credit card or bank account numbers, online, over the phone, or in the real world.

With Smishing, NEVER call the phone number that is provided in the SMS (text) message.

ALWAYS keep a list of current web addresses and phone numbers for your bank and other financial institutions. This will allow you to compare the phone numbers with those suspicious smartphone texts or the links in those fake emails.

With vishing, NEVER give information to people who just happen to call you. Hang up on them immediately and call the number that is in your files.

NEVER fall for threats or aggression, either. The company cannot charge late fees or otherwise retaliate against you for refusing to give up information to a stranger who makes an unannounced or unexpected call. Dell Financial Services is very stupid about this and will keep sending robo calls demanding the last four of the social security number. Never, ever give up any information to someone who calls. Hang up and check up on the matter through the proper channels.

CHECK your accounts frequently. Know your balances and know the latest activity on the account. Pay bills on time or as early as possible. If times are hard, set up a working relationship with a representative at the firm and have a specific number to call. This will ensure that creditors and financial institutions will have no reason to call you in the first place, or they will be known individuals.

USE Hotmail or other email features for reporting emails as phishing scams.

GATHER AS MUCH PROOF AS POSSIBLE AND REPORT any fake texts, voice messages, or emails to US CERT, which is a central collection point for phishing reports. This reporting center should also work for smart phone phishing, or smishing.

With Smart Phones, the term is either smishing or vishing.

Smishing involves fake SMS (text) messages. These messages give alarming, but fake warnings about problems with a bank or other account. The victim is instructed to call a phone number that is provided. The victim calls that number and is told to give up account and other information. The victim gives up the information, thinking that they are working with their bank or other account. The victim gives up enough information for criminals to loot their account or to commit identitiy theft.

Vishing is done with a Voice over internet (VoIP) call. All smartphone calls are VoIP calls. With a vishing scam, a recorded announcement instructs the victim to call the number that is provided. That phone line is manned by crooks who take in enough information to cause great harm.

IS THIS HAPPENING? Yes. Recently, according to Clark Howard's Saturday broadcast, hackers obtained a large quantity of detailed banking records and are now sending texts to customers in the hopes that some of them will be foolish enough to call the phone number provided.

In less sophisticated operations, texts and recorded announcements are sent to vast numbers of people. The guess is that some of them will have accounts at a certain bank or credit institution and that a certain number of those customers will fall for the trick.