Vishing is an umbrella term for any scam that attempts to trick consumers into revealing personal information over the phone. Commonly, attackers will pose as representatives from legitimate companies or organizations and try to obtain information such as credit card numbers and Social Security numbers.

If you own a phone, you could be a target. Vishing scams can happen to just about anyone. Many criminals will use an automated service to call a massive group of phone numbers, hoping that even a few targets will answer the calls and divulge personal information.

Fraudsters are getting better and better at disguising themselves. Now, more than ever, you’ll have to put in some extra effort when you’re screening calls. As a rule of thumb, don’t give out any information over the phone if you’re unsure of who’s calling. If you have any doubts at all, hang up. Credit cards, bills and bank statements should all feature customer service numbers that you can use to see if the call you just received was legitimate.

SMiShing is a combination of the terms “SMS” and “phishing.” It is similar to phishing, but refers to fraudulent messages sent over SMS (text messaging) rather than email.

The goal of SMiShing is to capture people’s personal information. In order to do this, “smishers” send out mass text messages designed to capture the recipients’ attention. Some messages may be threatening, I.E., “Visit this URL to avoid being charged $5.00 per day,” while others may provide a fake incentive, such as “You have won a free gift card, visit this website to claim your prize.” If you click on a link in the text message, you will be directed to a fraudulent website that will ask you to enter your personal information, such as your name, address, phone number, and email address. In some cases, a SMiShing website will ask you to enter your bank account information or social security number.

SMiShing has become increasingly common now that smartphones are widely used. Many smartphones allow you to simply click on a link in a text message to view the website in your phone’s browser. This makes text messages an effective “bait” for luring unsuspecting users to fraudulent websites. Therefore, just like when you receive email spam, is best to not visit websites mentioned in text messages from unknown sources.

Pharming is another way hackers attempt to manipulate users on the Internet. While phishing attempts to capture personal information by getting users to visit a fake website, pharming redirects users to false websites without them even knowing it.

While a typical website uses a domain name for its address, its actual location is determined by an IP address. When a user types a domain name into his or her Web browser’s address field and hits enter, the domain name is translated into an IP address via a DNS* server.

The Web browser then connects to the server at this IP address and loads the Web page data. After a user visits a certain website, the DNS entry for that site is often stored on the user’s computer in a DNS cache**. This way, the computer does not have to keep accessing a DNS server whenever the user visits the website.

One way that pharming takes place is via an e-mail virus that “poisons” a user’s local DNS cache. It does this by modifying the DNS entries, or host files. For example, instead of having the IP address 17.254.3.183 direct to www.apple.com, it may direct to another website determined by the hacker. Pharmers can also poison entire DNS servers, which means any user that uses the affected DNS server will be redirected to the wrong website. Fortunately, most DNS servers (LIKE BAECU) have security features to protect them against such attacks. Still, we are not necessarily immune, since hackers continue to try to find ways to gain access to them.

While pharming is not as common as phishing scams are, it can affect many more people at once. This is especially true if a large DNS server is modified. So, if you visit a certain website and it appears to be significantly different than what you expected, you may be the victim of pharming. Restart your computer to reset your DNS entries, run an antivirus program, then try connecting to the website again. If the website still looks strange, contact your Internet service provider and let them know their DNS server may have been pharmed.

*DNS stands for “Domain Name System.” The primary purpose of DNS is to keep Web surfers sane. Without DNS, we would have to remember the IP address of every site we wanted to visit, instead of just the domain name. Can you imagine having to remember “17.254.3.183” instead of just “apple.com”?
**Cache is pronounced “cash” (not “catch” or “cashay”). Cache stores recently used information so that it can be quickly accessed at a later time. Browser cache – Most web browsers cache webpage data by default. For example, when you visit a webpage, the browser may cache the HTML, images, and any CSS or JavaScript files referenced by the page. When you browse through other pages on the site that use the same images, CSS, or JavaScript, your browser will not have to re-download the files. Instead, the browser can simply load them from the cache, which is stored on your local hard drive.
***ISP stands for “Internet Service Provider.” In order to connect to the Internet, you need an ISP. It is the company that you (or your parents) pay a monthly fee to in order to use the Internet.

Social Security Scam Calls

Romance Scams

IRS Imposter Scams

Nanny and Caregiver Imposter Scams

Family Emergency Scams

Tech Support Scams

Grandkid Scams

When local stores ran out of the supplies we needed to manage  COVID-19, many of us turned to online sources. According to a new Data Spotlight, scammers ran online sites and took orders for scarce items, but didn’t deliver. In April and May, more people reported problems with online shopping to the FTC than in any other months on record, and more than half of them said they never got what they ordered.

Reports show that early in the pandemic, shady sellers put up websites offering hard-to-find products. People ordered facemasks, sanitizer, toilet paper, thermometers, and gloves. When customers asked about their orders, scammers said the pandemic was causing shipping delays, and then stopped responding. When people reported undelivered orders to the FTC in April and May, facemasks were the #1 missing item.

Reports about online shopping issues aren’t new for the FTC. In fact, the number of those reports has grown every year since 2015. In 2019, people filed more than 86,000 reports about online shopping issues, including reports about orders that never arrived. People have reported losing a total of almost $420 million dollars related to online shopping issues since 2015.

To avoid problems when you shop online:

• Check out a seller before you buy. Type the website or company name into a search engine with words like “scam,” “complaint,” or “review.”
• Pay by credit card. If you’re charged for an order you never got, contact your credit card company and dispute the charge.
• Keep copies of the product description, price, receipt, and emails between you and the seller, including messages about shipping delays.

Cyber crooks are calling Internet users claiming to be their Internet Service Provider, warning them that their Internet connection will be disconnected unless the recipient of the call follows the caller’s instructions.

In most cases, this scam comes in the form of an automated phone call saying the recipient’s Internet will be disconnected. The phone call will ask the recipient to press 1 on their keypad or call another number to speak to a customer agent to solve the problem.

These scams can vary but the most common variants are:

• A phone call claiming the Internet will be disconnected due to illegal activity
• A phone call claiming the Internet connection has been compromised
• A phone call claiming the recipient’s router has been compromised

The scam is designed to either trick a recipient into installing malware onto their computer, or trick a recipient into giving away personal details about themselves over the phone.

If a recipient contacts a “customer agent”, they will actually be talking to a scammer. The scammer may claim the customer’s Internet connection, router or computer is infected with malware or has been compromised by crooks. They may also claim the connection is being disabled due to “illegal activity” detected on the recipient’s Internet connection.

This is to panic the recipient and trick them into following the scammer’s instructions over the phone. The scammer may ask the recipient to install remote desktop software, which gives the scammer access to a person’s computer and can allow them to install malware.

Alternatively the scammer may ask the recipient to provide sensitive and personal information, including banking information and passwords, which can subsequently lead to identity fraud.

If you get an unexpected call either from a real person or an automated messages claiming that your Internet connection will be disconnected for whatever reason, hang up the phone.

You can contact your Internet Service Provider from their official website or any documentation you have to check if the call was genuine, and because it is you that called your ISP, you know it really is your ISP that you’re talking to.

You get a call, email, or letter saying you won a sweepstakes, lottery, or prize — like an iPad, a new car, or something else. But you can tell it’s a scam because of what they do next: they ask you to pay money or give them your account information to get the prize. If you pay, you’ll lose your money and find out there is no prize.

3 Signs of a Prize Scam

Who doesn’t dream of winning a lot of money or a big prize? That’s why scammers still use the promise of a prize to get your money or personal information. The good news is that there are ways to tell you’re dealing with a scam.

Here are three signs of a prize scam:

1. You have to pay to get your prize. But real prizes are free. So if someone tells you to pay a fee for “taxes,” “shipping and handling charges,” or “processing fees” to get your prize, you’re dealing with a scammer. And if they ask you to pay by wiring money, sending cash, or paying with gift cards or cryptocurrency to get your prize, don’t do it. Scammers use these payments because it’s hard to track who the money went to. And it’s almost impossible to get your money back.
2. They say paying increases your odds of winning. But real sweepstakes are free and winning is by chance. It’s illegal for someone to ask you to pay to increase your odds of winning. Only a scammer will do that.
3. You have to give your financial information. There’s absolutely no reason to ever give your bank account or credit card number to claim any prize or sweepstakes. If they ask for this information, don’t give it. It’s a scam.

How Scammers Try To Trick You

Scammers will say anything to get your money. Here are ways they try to trick you into thinking you really won a prize.

• Scammers say they’re from the government when they’re not. Scammers try to look official. They want you to think you’ve won a government-supervised lottery or sweepstakes. They make up fake names like the “National Sweepstakes Bureau,” or pretend they’re from a real agency like the Federal Trade Commission. The truth is, the government won’t call you to demand money so you can collect a prize.
• Scammers use names of organizations you might recognize. Scammers might pretend to be from well-known companies that run real sweepstakes. But no real sweepstakes company will contact you to ask for money so you can claim a prize. If you’re unsure, contact the real company directly to find out the truth. And look up the real company’s contact information yourself. Don’t rely on the person who reached out to you to provide you with the real contact information.
• Scammers send you a message (via text, email, or social media) to get your personal information. You might be told that you won a gift card or a discount code to a local store. Or the message may say you won something expensive, like an iPad or a new car from your local dealership. Scammers hope you’ll respond with your personal information or click on links that can take your personal information or download malware onto your device. Don’t respond.
• Scammers make it seem like you’re the only person who won a prize. But the same text, email, or letter went to lots of people. If your message came by mail, check the postmark on the envelope or postcard. If your “notice” was mailed by bulk rate, it means many other people got the same notice, too. For other types of messages, check online to see if others are reporting that they got the same message.
• Scammers say you’ve won a foreign lottery, or that you can buy tickets for one. Messages about a foreign lottery are almost certainly from a scammer — and it’s a bad idea to respond. First, it’s illegal for U.S. citizens to play a foreign lottery, so don’t trust someone who asks you to break the law. Second, if you buy a foreign lottery ticket, expect many more offers for fake lotteries or scammy investment “opportunities.” Finally, there are no secret systems for winning foreign lotteries, so don’t believe someone who tells you they can help you win.
• Scammers pressure you to act now to get a prize. Scammers want you to hurry up and pay or give them information. They tell you it’s a limited time offer or you have to “act now” to claim your prize. They don’t want you to have time to evaluate what’s really happening. Don’t be rushed — especially if they want you to do something to get your prize.
• Scammers send you a check and ask you to send some of the money back. This is a fake check scam. If you deposit the check, it can take the bank weeks to figure out that it’s fake. In the meantime, the bank has to make the funds available, so it can look like the money is in your account. But once the bank finds out the check is fake, they’ll want you to pay back the funds. Read How to Spot, Avoid, and Report Fake Check Scams for more tips.

If you’re not sure about a contest or the company sending you a prize notification, search online to see if you find anything about them. Type the name with terms like “review,” “complaint,” or “scam.”

What To Know About Real Contests and Prizes

Plenty of contests are run by reputable marketers and non-profit organizations. But there are some things to know before you drop in a quick entry or follow instructions to claim a prize.

• Real sweepstakes are free and by chance. It’s illegal to ask you to pay or buy something to enter, or to increase your odds of winning.

• Contest promoters might sell your information to advertisers. If you sign up for a contest or a drawing, you’re likely to get more promotional mail, telemarketing calls, or spam.

• Contest promoters have to tell you certain things. If they call you, the law says they have to tell you that entering is free, what the prizes are and their value, the odds of winning, and how you’d redeem a prize.

• Sweepstakes mailings must say you don’t have to pay to participate. They also can’t claim you’re a winner unless you’ve actually won a prize. And if they include a fake check in their mailing, it has to clearly say that it’s non-negotiable and has no cash value.

A special note about skills contests. A skills contest — where you do things like solve problems or answer questions correctly to earn prizes — can ask you to pay to play. But you might end up paying repeatedly, with each round getting more difficult and expensive, before you realize it’s impossible to win or just a scam. Skills contests can leave contestants with nothing to show for their money and effort.

What To Do if You Paid a Scammer

Scammers often ask you to pay in ways that make it tough to get your money back. No matter how you paid a scammer, the sooner you act, the better. Learn more about how to get your money back.

Report Prize Winnings and Lottery Scams

If you think you’ve been targeted by a prize scam:

• Report it to the FTC at ReportFraud.ftc.gov
• You also can contact your state attorney general and your local consumer protection office.
• If the prize promotion came in the mail, report it to the US. Postal Inspection Service.
• If you think you gave your personal information to a scammer, go to IdentityTheft.gov for steps you can take to protect your identity.
• Tell your friends and family. You could help them avoid getting scammed.