This year, WMS, inc. has witnessed an alarming uptick in attempted cybercrime activity. We have thwarted dozens of attempts to compromise the integrity of client accounts, as well as prevented the fraudulent outflow of significant amounts of assets. Unfortunately, some of our clients have also experienced cybercrime directly. And while these criminals are becoming more sophisticated, understanding the principles behind their tactics is the first step in protecting yourself and your assets.
Cybercrime is divided broadly into two categories: Spoofing and Phishing
According to the FBI, Spoofing is when someone disguises an email address, sender name, phone number, or website URL to convince a recipient that they are interacting with a trusted source. Recently, we’ve seen spoofed email addresses and websites from what appear to be Apple, CITI Bank, and the Social Security Administration, to name a few. Criminals then depend upon being able to manipulate recipients into believing these spoofed communications are real, which can lead downloading malicious software, sending money, or disclosing personal, financial, or other sensitive information.
While separate activities by definition, Phishing on the other hand, actually relies heavily upon Spoofing techniques to steal information or assets. For example, you may receive an email from your auto loan servicer, requesting an update to your account information. That email, which spoofed the branding of your loan servicer, will likely contain a link to a website that may be virtually indistinguishable from its legitimate counterpart. On this website, there will be a form for you to input information including, but not limited to your name, contact information, and social security number. Then, scammers will use this information to commit identify theft and fraud.
In fact, an instance of widespread identity theft is plaguing residents of Pittsburgh and its suburbs at the moment, which officials believe is tied to a targeted phishing scam from earlier this year. Hundreds of reports have been submitted to police, after residents began receiving debit cards from Chase bank for accounts they never opened. Police say the accounts are not being opened to be used by the scammers, but instead, the scammers are collecting a $200 incentive that is being offered by Chase for any new bank account. So, while no apparent monetary consequences are impacting the affected citizens in this instance, this should serve as a reminder about how easily criminals can assume an identity and then open financial accounts in another person’s name.
Yes, identity thieves are becoming increasingly sophisticated, but you can still take steps to make yourself a more difficult target. More often than not, they are going after low-hanging fruit, so if you complicate their process, they will likely move on.
1) No Gift Cards, Ever
No legitimate organization or scrupulous individual will ever want to be compensated with gift cards and this is especially true for US Government agencies. If you find yourself in a situation where you’re being threatened by someone who is instructing you to send gift cards to resolve a problem, contact the FBI immediately via the Internet Crime Complaint Center or by calling 1-800-CALL-FBI. (225-5324)
2) Independently Verify
If you receive an email that appears to be from a legitimate source requesting personally identifiable information, find a phone number or email address for that organization and then verify for yourself if in fact the request was legitimate. For example, if you receive a voicemail from the IRS asking you to call back to verify your social security number, call the IRS at a number from their website. The person on the other end of the line will be able to immediately determine if the voicemail was fraudulent or not.
3) Don’t Overshare
The FBI lists pulling information shared on social media as one of the key tactics scam artists uses to trick victims into sharing critical information or sending money. Commonly, scammers will pose as family members of the person receiving a call, alleging to be in jail. Then, the scammer will ask the potential victim to wire money to a bank account or send gift cards to an unfamiliar address. In addition to learning names you may recognize, scammers can also use information you may have shared about your family members, schools you’ve attended, pets’ names, or even your birthday to guess your passwords.
4) Lock Your Credit Reports
Following the 2017 Equifax data breach, we recommended that everyone lock their credit reports from Equifax, Experian, and Transunion immediately and only temporarily unlock specific reports going forward. We still encourage this practice today, because it makes opening a financial account with your information virtually impossible.
Combating identity theft is an active and ongoing exercise. It has forced us to scrutinize every call, text, or email, because spoofing and phishing tactics have become so prolific. When attempts to compromise your security occur on a near-daily basis, the best way to protect yourself is to practice the steps listed above. You can also rest assured knowing we have made combatting cybercrime threats a chief tenant of our business and will continue to communicate any new information we learn.