Phishing and Spoofing Identity Theft Schemes

Learn how to protect your identity from SMS smishing and spoofing.

Half of all internet users get at least one phishing email per day. For those of us who are active with email and social media, that number goes up considerably. Phishing emails are designed to get you to provide personal information such as your bank account number, routing number, Social Security number, birth date, etc. (see the AOL email fraud example below). The information obtained is used to secure a credit card in your name or to draft a payment from your checking account.

How to Spot Fraudulent Emails

Although identity thieves are constantly changing their approach, many phishing scams have similar characteristics. Being familiar with these will help you determine whether an email is fraudulent or not.

Look for Spelling and Grammar Errors – Most companies that send official email take the time to proofread and double-check that their emails are free of spelling and grammatical mistakes. It’s good business practice and it’s a sign that you’re reading a message from a legitimate company. If you receive a message that is filled with errors, it is more than likely a scam.

Use of ALL CAPS – Phishing attempts often try to create a sense of urgency to get you to take action immediately. Look for statements like, “YOU MUST CHANGE YOUR PASSWORD NOW”. It is important to note that most legitimate companies don’t use email as their first method of contact for urgent matters.

A Fake Display Name – Most phishing emails will try to fake the “From” name to get you to believe it is from a legitimate person or business. This is called “spoofing”.
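The display-name, ALL CAPS and urgency signs above can be checked mechanically. The following is an added example, not part of the original article; the brand-to-domain table, the thresholds and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption for this example: the domains each brand really sends mail from.
BRAND_DOMAINS = {"aol": {"aol.com"}}
URGENCY = re.compile(r"\b(?:urgent(?:ly)?|immediately|now|deactivat\w+)\b", re.I)

# Constructed samples (addresses and wording are made up).
PHISH = ('From: "AOL Technical Team" <support@aol-verify.example>\n'
         "Subject: YOU MUST CHANGE YOUR PASSWORD NOW\n\n"
         "You are urgently required to verify your AOL account immediately.\n")
LEGIT = ('From: "AOL Member Services" <noreply@mail.aol.com>\n'
         "Subject: Your monthly statement\n\n"
         "Your statement is ready to view.\n")


def display_name_mismatch(from_header):
    """True if the display name names a brand the address domain does not belong to."""
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    for brand, domains in BRAND_DOMAINS.items():
        if re.search(rf"\b{re.escape(brand)}\b", name, re.I):
            return not any(domain == d or domain.endswith("." + d) for d in domains)
    return False


def shouting_ratio(text):
    """Share of words of three or more letters written entirely in capitals."""
    words = re.findall(r"[A-Za-z]{3,}", text)
    return sum(w.isupper() for w in words) / len(words) if words else 0.0


def triage(raw):
    """Return the warning signs found in one raw message."""
    msg = message_from_string(raw)
    text = f"{msg.get('Subject', '')} {msg.get_payload()}"
    flags = []
    if display_name_mismatch(msg.get("From", "")):
        flags.append("display-name-mismatch")
    if shouting_ratio(text) > 0.3:
        flags.append("all-caps")
    if len(URGENCY.findall(text)) >= 2:
        flags.append("urgency")
    return flags
```

This check only compares the display name with the visible address; a message that also forges the address itself passes it, which is what SPF, DKIM and DMARC validation by the mail provider is for.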

Phishing Email Example

Below is an example of the fraudulent AOL email scam:

Dear John.Smith@internet.com:

We use this medium to notify you that your AOL account has generated some errors on our MySQL Database and you are required to follow all instructions given to you in order to correct this problem.

During our regular account verification procedure, we encountered a technical problem and we could not verify your information which we have on file. Your account data could not be recovered due to system errors resulting from Windows update. As a result of this, your information which we have on file is incomplete and your account functions are abnormal.

In respect to the above, you are urgently required to re-submit your information via our servers so that we can fully verify your AOL account; otherwise, your access to AOL services will be deactivated until you pass the verification procedure.

We strongly require that you click here to verify your AOL account!

Note that failure to verify your account immediately will lead to permanent deactivation of your AOL account..

We are very sorry for the inconveniences this might have caused you and we assure you that everything will return to normal as soon as you have done the needful.

AOL Technical Team

2011 AOL LLC. All Rights Reserved.

What to Do if You Receive the Email

If you receive this, or any other fraudulent email, please do the following:

  • Don’t click on any links in the email
  • Don’t reply to the email
  • Mark the email message as spam
  • If you are unsure of an email’s authenticity, forward the email to your email provider’s abuse contact. For example, AOL’s abuse email is aol_phish@abuse.aol.com.

How to Tell if AOL Mail is Official

When AOL sends important email to their users, they mark each message with a small blue AOL icon. The blue icon is located between the sender and the subject line. Below is what the blue icon looks like:

[Image: AOL official mail icon]

Also, when you open an Official AOL email message, you’ll see the “Official Mail” banner at the top.

If you get a message that seems like it’s from AOL, but it doesn’t have those 2 indicators, it’s a fake email.

Smishing Identity Theft for Cell Phones

Chances are, you have security software installed on your computer to protect your email against “phishing”— fraudulent messages that attempt to get you to reveal sensitive information such as account numbers and passwords. Unfortunately, these same types of scams come directly to your phone via a text message. “Smishing” is phishing that’s conducted over short message service (SMS), more commonly known as text messaging.

The Pew Internet and American Life Project found that on average, mobile phone users send and receive approximately 40 text messages a day. At some point, you’re likely to encounter these fraudulent text messages and the smishing identity theft scam. If your smartphone isn’t secure, your personal information could be vulnerable to smishing identity theft.

Common Smishing Identity Theft Schemes

Fraudulent smishing text messages (text messaging is also referred to as SMS, short message service) often appear to require immediate attention.

The fraudulent messages may take a format such as:

  • A text message “from your bank,” telling you your account has been shut down and asking you to call a number to reactivate the account
  • A text message that says you have been registered for a service and will be charged unless you take some form of action, such as visiting a website
  • A confirmation of a purchase that directs you to call a number if the confirmation is inaccurate

If you take the actions prompted by the fraudulent text messages, you may be sending your personal information directly to a scammer. Some spy programs will spread malware or a virus on your mobile phone or computer, and others may give the scammers the means to eavesdrop on your phone calls.

How to Protect Yourself from Smishing Identity Theft

If you get a text that’s unsolicited or from an unidentifiable source, protect yourself with these tips:

  • If the text message appears to be from a legitimate source, contact that source at its actual phone number (not the phone number provided in the text) and verify that the message is legitimate. In most cases, legitimate businesses, such as banks, do not send text messages that solicit a response.
  • Delete any text message from an unknown source without reading it
  • Do not click on links or download software apps from an unverified source
  • Never provide sensitive information to an unverified source
  • Avoid any text message that appears to come from the number 5000. This may be an identity that hides a scammer’s real phone number. The message may be masked using a technique called SMS spoofing (described below).
  • Add security software to your mobile phone
  • Look into setting up a “text alias.” This cell phone feature hides your actual phone number from the smishing sender
  • Contact your cell phone service provider and report the text message you received

Short Message Service (SMS)

Most people know it simply as text messaging, but the technical term is SMS (Short Message Service). SMS is a service for sending short messages of up to 160 characters (224 characters if using a 5-bit mode) to mobile devices.

SMS spoofing is a new technology that uses the short message service (SMS) to set who a message appears to come from by replacing the originating mobile phone number with alphanumeric text. The process of SMS spoofing has a legitimate purpose, but it can also be used to impersonate another person, company or product. SMS spoofing is a common technique that scammers love to use, both to steal your information and to annoy you.
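How a handset can tell a phone number from sender-chosen text, as an added example that is not part of the original article: in a delivered SMS the originating-address field carries a type-of-number value, and value 5 marks alphanumeric text. Both byte strings, the number +15555550123 and the name "MyBank" are constructed samples.

```python
# Type-of-number values carried in bits 6-4 of the type-of-address octet.
TON = {0: "unknown", 1: "international", 2: "national", 3: "network-specific",
       4: "subscriber", 5: "alphanumeric", 6: "abbreviated", 7: "reserved"}

# Constructed originating-address fields:
# length in semi-octets, type-of-address octet, address value.
NUMERIC_OA = bytes.fromhex("0B915155550521F3")  # made-up number +15555550123
ALPHA_OA = bytes.fromhex("0BD0CDBC30EC5E03")    # made-up sender name "MyBank"


def unpack_septets(data, count):
    """Unpack `count` 7-bit characters that were packed LSB-first into octets."""
    bits = int.from_bytes(data, "little")
    return [(bits >> (7 * i)) & 0x7F for i in range(count)]


def decode_originator(tp_oa):
    """Decode the originating-address field of a delivered SMS."""
    semi_octets, toa = tp_oa[0], tp_oa[1]
    ton = (toa >> 4) & 0x07
    value = tp_oa[2:2 + (semi_octets + 1) // 2]
    if ton == 5:
        # Sender-chosen text. Letters, digits and space share their ASCII codes
        # in the GSM default alphabet; anything else is shown as "?".
        septets = unpack_septets(value, semi_octets * 4 // 7)
        sender = "".join(chr(s) if chr(s).isalnum() or s == 0x20 else "?"
                         for s in septets)
    else:
        # Phone number: BCD digits with the two nibbles of each octet swapped.
        digits = "".join(f"{b & 0x0F:X}{b >> 4:X}" for b in value)
        sender = ("+" if ton == 1 else "") + digits[:semi_octets]
    return {"type": TON[ton], "sender": sender, "is_alphanumeric": ton == 5}


def advice(tp_oa):
    """Reader-facing note for the sender field of a received message."""
    info = decode_originator(tp_oa)
    if info["is_alphanumeric"]:
        return f"{info['sender']}: text label set by the sender, not a phone number"
    return f"{info['sender']}: phone number ({info['type']})"
```

An alphanumeric label says nothing about where the message really came from, so the bank or company it names should be contacted through a number found independently.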

File a Complaint

To learn more or to file a complaint, contact the Federal Trade Commission identity theft website www.ftc.gov/idtheft.

Questions and More Information

If you have any questions, please post a comment below. If you would like to learn about other types of fraud, go to Fraud, Scams & Schemes.

3 COMMENTS

  1. I had recently changed my password on AOL and they had someone trying to send an email out on my AOL address. Their email was listed as vivekfree@yahoo.com and I received one yesterday listed as someone else that might have the same ID or is trying to use my address again. I want you to find out who this might be and notify me immediately. My credit score has gone from nearly 700 to 550 in less than a year.

    • We recommend that you first change the password on your email account. Then, forward any fraudulent emails to aol_phish@abuse.aol.com, then delete the emails.

      If you feel that your identity may have been stolen, or personal information has been used that affects your credit report, contact the three credit reporting bureaus and request a copy of your credit reports. You can request one free report from each bureau each year through https://www.annualcreditreport.com/.

      Once you obtain the reports, look for any accounts that you did not open. If you notice any, follow the credit reporting bureau’s process for reporting the fraudulent activity.
