By Attorney General Derek Schmidt
We have heard and read much recently about the growing threat of cyber criminals lurking to scam, fraud and outright steal personal identifiable information and access finances. It is a good reminder of the perils of living in an information society and the caution that must be exercised when navigating online.
One of the most common forms of cybercrime is what is known as phishing. Similar to the outdoor activity that is spelled differently, scammers and fraudsters use their tricks of the trade to bait unsuspecting victims into taking their hook and giving access to information, sensitive data and finances. It is a crime that affects private individuals as well as businesses each and every day. According to the FBI’s Internet Crime Complaint Center, people lost $57 million in phishing schemes in 2019 alone.
Phishing schemes are disguised as legitimate email and text messages with information that the viewer believes they are supposed to open. However, these messages are modern-day Trojan horses, allowing the scammer to gain access to personal information, finances or computer systems to cause great harm.
While scammers and fraudsters are constantly honing their craft, these are some typical signs that can help consumers, businesses and their employees to recognize a phishing expedition:
- Familiar names: Phishing emails and text messages may look like they are from a company you know or trust. They may come from a bank, credit card company, social networking site, online store or an online payment site. Often the address in the message has been slightly altered in manner that isn’t immediately recognizable, such as a different domain name or juxtaposing of key words.
- Storytelling. Phishing emails or text messages frequently tell a story to trick the reader into clicking on a link or opening an attachment. The scammer tries to convince the recipient that there is a serious problem with their computer or online accounts, usually seeking some form of verification of financial information or account data. This may also include a false invoice to make a payment. Several Microsoft scams have been used, saying that the software company is aware of issues with your computer and you must move your money to a new bank account to avoid hackers.
- Take a look at this. Scammers send links that look like a news story, video or meme when in reality they are laced with viruses and other malware that can infect your computer or provide hidden access to your data, passwords and personal information.
- Do I know you? If you do not have an account with the sender and the email or text looks suspicious, delete it without opening it. If you do recognize the sender, contact the company or individual using a phone number or website you know is real, not the information in the email.
The good news is there are ways to protect yourself and your finances from these unwelcome practices. First, make sure your computer is protected by a security software. Set the software to update automatically to stay current with new emerging threats. Your mobile phone should also be set to have its software automatically updated to protect against security risks. Always use a multi-factor authentication for your accounts. Multi-factor authentication means using two or more ways to verify your identity: something you know, such as a password or PIN; something you have, such as a token or smart card; and something you are, such as a biometric like a fingerprint. An example of multi-factor authentication would be using a password along with a fingerprint to open a cell phone or computer. Also, it is a good idea to back up your data to a device that isn’t connected to a home or work network, such as an external hard drive.
When someone receives these suspicious messages, they should report the information to their service provider who has procedures in place to address these types of texts and emails going out. You can report suspicious emails by contacting either your email provider or the sender’s email provider, if it is apparent. In your report, make sure to include the entire unwanted email and explain that you are complaining about spam.
To report text messages, report the spam to the messaging app that you use. You can also copy the message and forward it to 7726 (SPAM), or report it to the Federal Trade Commission at ReportFraud.ftc.gov.
More information on staying safe from scams is available on the attorney general’s consumer protection website at www.InYourCornerKansas.org. If you suspect a scam or fraud, or any other violation of Kansas consumer protection laws, you can file a complaint with our Consumer Protection Division online at the aforementioned website or by calling (800) 432-2310.