Ahmed Jaber* Their names may sound funny but their financial consequences are not: “Phishing,” “smishing,” “vishing” and “pharming” are just a few of the ways criminals gain access to personal information via your computer or smartphone. If you're not careful, identity thieves can use harvested information to open fraudulent bank or credit card accounts, take out loans, rent apartments or even charge medical procedures to your insurance plan. Unfortunately, every time the authorities plug one hole, crafty criminals figure out new ways to trick unsuspecting victims. Here are some identity theft scams to watch out for: Phishing: This is where you receive an email, purportedly from a trusted source like a government agency, bank or retailer that asks you to supply or confirm account information, log-in IDs or passwords. These imposters are “fishing” for your personal information. Legitimate organizations never ask you to verify sensitive information through a non-secure means like email. Smishing (for “Short Message Service”): Like phishing, only it uses text messages sent to your cellphone. Even if you don't share any information, just by responding you're verifying that your phone number is valid, which means it probably will be sold to others who will try to trick you into their own scams. Vishing (voice phishing): Where live or automated callers direct you to call your bank or credit card issuer under the pretext of clearing up a problem (like theft or overdrawn accounts). You'll be asked to share personal or account information. Keep a list of toll-free service numbers for all companies you use so you can call them directly without fearing you've been given bogus information. I also program these numbers – but not account numbers – into my cell phone in case I'm traveling. A few tips for spotting risky emails and texts: • Never give sensitive information by responding to an email/SMS. Remember, legitimate organizations never ask you to verify those through a non-secure means like email. • Although the “From” line may appear to be from a valid company email address, that's easy for fraudsters to mimic (called “spoofing”). • Beware of subject lines and body copy that use ominous or threatening language (e.g., “Your credit card has been suspended”). • Lack of a personalized salutation or closing details (e.g., “Dear Valued Customer”). • Watch for typos, poor grammar, punctuation, capitalization consistency and other warning signs it's not legitimate. • Scroll your mouse over any embedded links before clicking to check for suspicious domain endings • Verify that an alert or request for information is legitimate by looking up the company's phone number and calling it yourself. • Make sure your anti-virus and anti-spyware software is current. Pharming: Where hackers redirect you from a legitimate website to an impostor site where your personal information is harvested (“farmed”). Social networking sites like Facebook and Twitter increasingly are being targeted, so always be wary of opening any links – even from trusted friends – because their account may have been hacked. A few tips to identify an unsafe website: • Never click on a link embedded in an email. Even if sent from someone you trust, always type the link into your browser. • Look for signs of legitimacy. Does the website list contact information or some signs of a real-world presence. If doubtful, contact them by phone or email to establish their legitimacy. • Read the URL carefully. If this is a website you frequent, is the URL spelled correctly? Often times, fraudsters will set up websites almost identical to the spelling of the site you are trying to visit. An accidental mistype may lead you to a fraudulent version of the site. • Check the properties of any links. Right-clicking a hyperlink and selecting “Properties” will reveal the true destination of the link. Does it look different from what it claimed to lead you to? • When visiting a website that asks for sensitive information such as credit card numbers or your social security number, make sure that the website is encrypted over a secure connection: • HTTPS: One such sign to look for is in the URL of the website. A secure website's URL should begin with “https” rather than “http”. The “s” at the end of “http” stands for secure and is using an SSL (Secure Sockets Layer) connection. Your information will be encrypted before being sent to a server. • The lock icon: Another sign to look for is the “Lock” icon that is displayed somewhere in the window of your web browser. Different browsers may position the lock in different places. Be sure to click on the “lock” icon to verify that a website is trustworthy. Utilize your internet browser's security tools. Make sure to install the most current version of your web browser. Most browsers have sophisticated filters that can identify and warn you of potential security threats. For more tips protecting personal and account information and preventing online fraud, visit: • The National Cyber Security Alliance's www.staysafeonline.org. • The FBI's Be Crime Smart page, which highlights the latest scams and tells you how to report crime and fraud (www.fbi.gov/scams-safety). • Visa Inc. offers VisaSecuritySense.com, which features tips on preventing fraud online, when traveling, at retail establishments and ATMs, deceptive marketing practices, and more. And finally, don't forget good-old-fashioned pickpocketing, mail theft and dumpster diving as ways people may try to steal your personal information. *The writer is Visa country manager
