Cyberthieves have many tools at their disposal to commit their crimes. Below is a brief description of many of them and how you can help yourself avoid becoming their next victim.
Phishing – It’s called this because the scammers are “fishing” for sensitive information. Often it is for your bank account. Usually, an email message is received with an included link or attachment. If they are clicked, a website appears (often that looks nearly identical to your financial institution) with a form where sensitive information is to be entered. Alternatively, malware is unleashed that sits and waits to collect information from the infected device.
If you don’t recognize the email received, it’s best to just put it in the trash without even opening it up. However, sometimes the scammers make their messages appear to be from someone you know. If the message is not expected, it’s best to confirm its legitimacy with the sender by calling on the phone, sending a text, or walking over and asking, if that’s an option. Don’t use reply information in those messages either. Often, the scammers set that up so if you do respond, they get your reply.
When in doubt, go directly to the financial institution’s website and confirm your details by logging into your account or give them a call to confirm the email message.
Vishing – The scammers have the same goal as with phishing, except it uses voice technology. The scammers want sensitive information, they just request it a different way. Autodialers are set up to call hundreds or even thousands of phone numbers. When someone answers, a recorded voice will claim that some suspicious activity was seen on the victim’s payment card and the financial institution should be called right away. A phone number is left. If that number is called, a recorded voice asks for account or other sensitive information for “verification” purposes.
Don’t provide sensitive information on the phone unless you are 100% confident in how it will be used. If you did not initiate the call, use a number you get from the financial institution’s website to call them back.
Smishing – This is another variation of phishing. It uses the cell phone text to get users to click a link. Those also go to fraudulent sites or unleash malware on the device. Often, the end user is tricked into thinking the message is from his or her financial institution.
A good rule of thumb for all of these are that if you are not expecting to receive it, either put it into the trash or contact the sender independently of the message to verify it before clicking.
Skimming – This type of trickery involves ATM machines. A device is placed in or around the slot where the card goes. As the card is inserted, the device captures the sensitive data stored on it as well as the PIN associated to it as the customer enters it. The scammers can then use the information to create counterfeit payment cards or use it for card not present (CNP) fraud.
Before inserting your card, look to see if there is any odd-looking device attached to the machine or if it looks substantially different from the last time you used it. If you have doubts, go to a different machine and contact the financial institution so someone can check it out.
Keystroke Loggers – These are software programs that record keystrokes made on a computer. Often these are found on public computers such as those in business centers at hotels. Sometimes users unknowingly download them to their own computers. These indeed capture every keystroke, so as you are entering your online account login credentials, the keylogger will capture it all and send it off to the scammers.
If you’re logging into accounts that require you to enter sensitive information, it’s best to do this somewhere you know is safe, such as at home. To avoid putting a keylogger on your home computer or laptop, use caution about clicking links or attachments in email. In other words, phishing and smishing are a popular way for getting keyloggers and other malware onto devices.
Use caution when going online. By looking out for the strategies cybercriminals use to get your sensitive information and you can stay one step ahead of them.