Phishing and Spoofing Identity Theft Schemes


Overview

Half of all internet users get at least one phishing email per day. For those of us who are active with email and social media, that number goes up considerably. Phishing emails are designed to get you to provide personal information such as your bank account number, routing number, social security number, birth date, etc. (see the AOL email fraud example below). The information obtained is used to secure a credit card in your name or draft a payment from your checking account.

How to Spot Fraudulent Emails

Although identity thieves constantly change their approach, many phishing scams have similar characteristics. Being familiar with these will help you determine whether an email is fraudulent.

Look for Spelling and Grammar Errors – Most companies that send official emails take the time to proofread and double-check that their emails are free of spelling and grammatical mistakes. It’s a good business practice, and it’s a sign that you’re reading a message from a legitimate company. If you receive a message filled with errors, it is more than likely a scam.

Use of ALL CAPS – Phishing attempts often try to create a sense of urgency to get you to take action immediately. Look for statements like, “YOU MUST CHANGE YOUR PASSWORD NOW.” It is important to note that most legitimate companies don’t use email as their first contact method for urgent matters.

A Fake Display Name – Most phishing emails will fake the “From” name to get you to believe it is from a legitimate person or business. This is called “spoofing.”
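The fake display name and ALL CAPS checks described above can be automated as a first-pass filter. The following is an added example, not code from the original article; the brand-to-domain table, the sender address, and the 0.5 threshold are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed mapping of brand names to the domains they really send from.
BRAND_DOMAINS = {"aol": {"aol.com"}}

# Constructed sample modelled on the AOL scam quoted in this article;
# the sender address and subject line are made up for the example.
SAMPLE = """\
From: "AOL Technical Team" <support@aol-verify.example>
To: John.Smith@internet.com
Subject: YOU MUST VERIFY YOUR ACCOUNT NOW

We strongly require that you click here to verify your AOL account!
"""

def display_name_spoofed(from_header):
    """True when the display name names a brand but the address domain is not that brand's."""
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    for brand, domains in BRAND_DOMAINS.items():
        if re.search(rf"\b{re.escape(brand)}\b", name.lower()):
            # Accept the brand's domain itself or any subdomain of it.
            if not any(domain == d or domain.endswith("." + d) for d in domains):
                return True
    return False

def shouting_ratio(text):
    """Fraction of words of 3+ letters written entirely in capitals."""
    words = re.findall(r"[A-Za-z]{3,}", text)
    return sum(w.isupper() for w in words) / len(words) if words else 0.0

def triage(raw):
    """Return the list of warning flags raised by one raw email message."""
    msg = message_from_string(raw)
    flags = []
    if display_name_spoofed(msg.get("From", "")):
        flags.append("display-name-mismatch")
    if shouting_ratio(msg.get("Subject", "")) > 0.5:  # assumed threshold
        flags.append("all-caps-urgency")
    return flags

if __name__ == "__main__":
    print(triage(SAMPLE))
```

This only catches a display name that disagrees with the sending domain; a forged address on the brand's real domain has to be caught by the receiving server's SPF, DKIM and DMARC checks.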

Phishing Email Example

Below is an example of a fraudulent AOL email scam:

Dear John.Smith@internet.com:

We use this medium to notify you that your AOL account has generated some errors on our MySQL Database and you are required to follow all instructions given to you in order to correct this problem.

During our regular account verification procedure, we encountered a technical problem and we could not verify your information which we have on file. Your account data could not be recovered due to system errors resulting from Windows update. As a result of this, your information which we have on file is incomplete and your account functions are abnormal.

In respect to the above, you are urgently required to re-submit your information via our servers so that we can fully verify your AOL account; otherwise, your access to AOL services will be deactivated until you pass the verification procedure.

We strongly require that you click here to verify your AOL account!

Note that failure to verify your account immediately will lead to permanent deactivation of your AOL account..

We are very sorry for the inconveniences this might have caused you and we assure you that everything will return to normal as soon as you have done the needful.

AOL Technical Team

2011 AOL LLC. All Rights Reserved.

What to Do if You Receive the Email

If you receive this or any other fraudulent email, please do the following:

  • Don’t click on any links in the email
  • Don’t reply to the email
  • Mark the email message as spam
  • If unsure of an email’s authenticity, forward the email to your email provider’s abuse contact. For example, AOL’s abuse email is aol_phish@abuse.aol.com.

How to Tell if AOL Mail is Official, or if it is AOL Email Fraud

When AOL sends an important email to its users, it marks each message with a small blue AOL icon. The blue icon is located between the sender and the subject line. Below is what the blue icon looks like:

[Image: AOL official mail icon]

Also, when you open an Official AOL email message, you’ll see the “Official Mail” banner at the top.

If you get a message that seems like it’s from AOL but it doesn’t have those two indicators, it’s a fake email. Report the AOL email fraud to help them address the problem.

Smishing Identity Theft for Cell Phones

Chances are, you have security software installed on your computer to protect your email against “phishing”: fraudulent messages that attempt to get you to reveal sensitive information such as account numbers and passwords. Unfortunately, these same scams come directly to your phone via text message. “Smishing” is phishing done over short message service (SMS), more commonly known as text messaging.

The Pew Internet and American Life Project found that, on average, mobile phone users send and receive approximately 40 text messages daily. At some point, you’re likely to encounter fraudulent text messages and smishing identity theft scams. If your smartphone isn’t secure, your personal information could be vulnerable to smishing identity theft.

Common Smishing Identity Theft Schemes

Fraudulent smishing text messages (text messaging is also referred to as SMS, short message service) often appear to require immediate attention.

The fraudulent messages may take a format such as:

  • A fraudulent text message “from your bank” telling you your account has been shut down and asking you to call a number to reactivate the account.
  • A text message that says you have been registered for a service and will be charged unless you take some form of action, such as visiting a website.
  • Confirmation of a purchase that directs you to call a number if the confirmation is inaccurate.

If you take the actions prompted by the fraudulent text messages, you may send your personal information directly to a scammer. Some spy programs will spread malware or viruses to your mobile phone or computer, and others may give the scammers the means to eavesdrop on your phone calls.

How to Protect Yourself from Smishing Identity Theft

If you get an unsolicited text or a text from an unidentifiable source, protect yourself with these tips:

  • If the text message appears to be from a legitimate source, contact that source at its actual phone number (not the phone number provided in the text) and verify that the message is legitimate. In most cases, legitimate businesses, such as banks, do not send text messages that elicit a response.
  • Delete any text message from unknown sources without reading it.
  • Do not click on links or download software apps from an unverified source.
  • Never provide sensitive information to an unverified source.
  • Avoid any text message that appears to come from the number 5000. This may be an identity that hides a scammer’s real phone number. The message may be masked using SMS spoofing (described below).
  • Add security software to your mobile phone.
  • Look into setting up a “text alias.” This cell phone feature hides your actual phone number from the smishing sender.
  • Contact your cell phone service provider and report the text message you received.

Short Message Service (SMS)

Most people know it simply as text messaging, but the technical term is SMS (Short Message Service). SMS is a service for sending short messages of up to 160 characters (224 characters if using a 5-bit mode) to mobile devices.

SMS spoofing is a new technology that uses the short message service (SMS) to set who a message appears to come from by replacing the originating mobile phone number with alphanumeric text. SMS spoofing has legitimate purposes, but it can also be used to impersonate another person, company, or product. It is a common technique that scammers love to use, both to steal your information and to annoy you.

File a Complaint about AOL Email Fraud

To learn more or to file a complaint, contact the Federal Trade Commission’s identity theft website.

Questions and More Information

If you have any questions, please post a comment below. If you want to learn about other types of fraud, go to Fraud, Scams & Schemes.

Michael Kissiah is the owner of Brandy Lane Publishing, LLC, which owns and operates a small portfolio of websites, including eInvestigator.com. Michael created eInvestigator.com more than 20 years ago after working as a private investigator in the state of Florida. Since that time, he has become an expert at how to find information online and has written over 1000 articles on topics related to the investigation industry. In addition, he is the author of the "Private Investigator Licensing Handbook", available at Amazon.com.