Don’t Fall for Phishing & Smishing Scams

Published on February 25, 2019 | 3 min read | Kevin Thompson

We’ve all received those emails or text messages, from unknown or even known senders, with an urgent issue asking you to click on a link or call with your debit card information to rectify. These tactics are known as phishing (email based) and smishing (cell phone text message), and they dupe unsuspecting consumers into infecting their computers and mobile devices with malware or into handing over important personal information. Once the fraudsters have infected your computer or phone, they go to work obtaining log-on credentials and personal information. If you give up your debit or credit card information, they will use that information to start shopping as though they were you.

The Bait: “Click this link or call this number to have your debit card turned back on.”

The Hook: The link you just clicked infected your computer or mobile device with malware or you just gave a fraudster your debit card number and PIN (personal identification number).

How it Works:

The fraudsters may only have a phone number or email address when they start their scheme, but they’re hoping you supply them with the rest of the information needed to perpetrate fraud. The emails and text messages will appear to be from reputable companies that you do business with, such as your bank or cell phone provider, and will often include the company logos to appear legitimate. The messages will also convey a sense of urgency, such as “your card has been blocked, to reactivate – respond with your card number and PIN immediately”. Consumers are usually more concerned with getting their card turned back on than thinking about the legitimacy of the email or text message, which is what the fraudsters are counting on.

Don’t be Dinner:

Be careful what you click on! Once one person is infected with the malware, the fraudsters can look through their contacts for more potential victims to target. The fraudsters may even send the message as though they were a friend of yours.

• If you receive a message purporting to be from your bank, call your bank to verify.
• Webster will only send text message alerts if you sign up for them, and we will never ask for your card number or PIN through a text message.
• If there is a link in an email, you can hover over the link with your mouse (DO NOT CLICK) to reveal the true address behind the link.
• If there is a file attached to the email, here are some common file extensions that are popular among fraudsters – .exe, .bat, .com, .vbs, .reg, .msi, .pif, .pl, .php. Don’t open these files!

Scammers are getting more and more accurate in impersonating real emails and text messages. If you think you’ve been a victim of one of these schemes, have your computer or phone professionally cleaned or call your bank to have a new debit card issued. You should also file a complaint with www.ftc.gov.