Are You Being ‘Smished’? Here’s How To Spot The Latest Texting Scam

That text message about your package could be a scam.

One of the biggest scams you need to watch out for is coming from your phone. In “smishing” ― a term that combines “SMS” and “phishing” ― bad actors try to get your personal and banking information through unsolicited text messages on mobile devices.

They do it by pretending to be government agencies, companies that you might have done business with, or a package delivery service. They’ll say something to get your urgent attention, like a text about a free gift that you have to pay a small “shipping fee” to receive, or they will send a warning about suspicious activity on your account.

“We see a lot of it with people posturing banks, saying ‘This is Chase Bank, there is a hold on your account due to a security breach, click here to verify your information,’” said Amy Nofziger, the director of fraud victim support with AARP.

Source: Are You Being ‘Smished’? Here’s How To Spot The Latest Texting Scam.

Critics:

Effective phishing education, including conceptual knowledge and feedback, is an important part of any organization’s anti-phishing strategy. While there is limited data on the effectiveness of education in reducing susceptibility to phishing, much information on the threat is available online. Simulated phishing campaigns, in which organizations test their employees’ training by sending fake phishing emails, are commonly used to assess their effectiveness.

One example is a study by the National Library of Medicine, in which an organization received 858,200 emails during a 1-month testing period, with 139,400 (16%) being marketing and 18,871 (2%) being identified as potential threats. These campaigns are often used in the healthcare industry, as healthcare data is a valuable target for hackers. These campaigns are just one of the ways that organizations are working to combat phishing.

To avoid phishing attempts, people can modify their browsing habits and be cautious of emails claiming to be from a company asking to “verify” an account. It’s best to contact the company directly or manually type in their website address rather than clicking on any hyperlinks in suspicious emails. Nearly all legitimate e-mail messages from companies to their customers contain an item of information that is not readily available to phishers.

Some companies, for example PayPal, always address their customers by their username in emails, so if an email addresses the recipient in a generic fashion (“Dear PayPal customer”) it is likely to be an attempt at phishing. Furthermore, PayPal offers various methods to identify spoof emails and advises users to forward suspicious emails to its spoof@PayPal.com address so that it can investigate and warn other customers.

However, it is unsafe to assume that the presence of personal information alone guarantees that a message is legitimate, and some studies have shown that the presence of personal information does not significantly affect the success rate of phishing attacks, which suggests that most people do not pay attention to such details. Emails from banks and credit card companies often include partial account numbers, but research has shown that people tend not to differentiate between the first and last digits.

This is an issue because the first few digits are often the same for all clients of a financial institution. The Anti-Phishing Working Group, which is one of the largest anti-phishing organizations in the world, produces regular reports on trends in phishing attacks. Google posted a video demonstrating how to identify and protect yourself from phishing scams. A wide range of technical approaches are available to prevent phishing attacks reaching users or to prevent them from successfully capturing sensitive information.

Specialized spam filters can reduce the number of phishing emails that reach their addressees’ inboxes. These filters use a number of techniques including machine learning and natural language processing approaches to classify phishing emails, and reject email with forged addresses. Another popular approach to fighting phishing is to maintain a list of known phishing sites and to check websites against the list.

One such service is the Safe Browsing service. Web browsers such as Google Chrome, Internet Explorer 7, Mozilla Firefox 2.0, Safari 3.2, and Opera all contain this type of anti-phishing measure. Firefox 2 used Google anti-phishing software. Opera 9.1 uses live blacklists from Phishtank, cyscon and GeoTrust, as well as live whitelists from GeoTrust. Some implementations of this approach send the visited URLs to a central service to be checked, which has raised concerns about privacy.

According to a report by Mozilla in late 2006, Firefox 2 was found to be more effective than Internet Explorer 7 at detecting fraudulent sites in a study by an independent software testing company. An approach introduced in mid-2006 involves switching to a special DNS service that filters out known phishing domains: this will work with any browser, and is similar in principle to using a hosts file to block web adverts.

To mitigate the problem of phishing sites impersonating a victim site by embedding its images (such as logos), several site owners have altered the images to send a message to the visitor that a site may be fraudulent. The image may be moved to a new filename and the original permanently replaced, or a server can detect that the image was not requested as part of normal browsing, and instead send a warning image.
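The second variant described above, where the server decides per request whether to send the real logo or a warning image, can be sketched as follows. This is an added example, not code from the original article: the host names, image names and placeholder image bytes are assumptions, and the HTTP Referer header is assumed to be the signal for "normal browsing".

```python
from urllib.parse import urlsplit

# Assumed site identity and image names (hypothetical, for illustration).
OWN_HOSTS = {"bank.example", "www.bank.example"}
# Constructed placeholder bytes standing in for the two PNG files.
IMAGES = {"logo.png": b"<real logo>", "warning.png": b"<warning image>"}


def referring_host(referer):
    """Host part of a Referer value, lower-cased, or None if unparseable."""
    try:
        host = urlsplit(referer.strip()).hostname
    except ValueError:  # e.g. a malformed bracketed IPv6 literal
        return None
    return host.rstrip(".") if host else None


def image_for(referer, own_hosts=OWN_HOSTS):
    """Choose which image a request for the logo should receive."""
    if not referer:
        # No Referer: a direct fetch or a privacy setting stripped it.
        # That is not evidence of embedding, so serve the real logo.
        return "logo.png"
    # Compare the parsed host exactly. A substring test on the raw header
    # would accept "bank.example.login.test" or "bank.example@other.test".
    if referring_host(referer) in own_hosts:
        return "logo.png"
    return "warning.png"


def app(environ, start_response):
    """Minimal WSGI handler for the logo URL."""
    name = image_for(environ.get("HTTP_REFERER"))
    start_response("200 OK", [
        ("Content-Type", "image/png"),
        # The body depends on Referer, so shared caches must not reuse it
        # across referring pages.
        ("Vary", "Referer"),
        ("Cache-Control", "private, no-store"),
    ])
    return [IMAGES[name]]
```

A Referer check only covers pages that load the image from the original server; a page that hosts its own copy never sends the request, which is the case the renamed-file variant addresses.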
