It’s a double whammy.
The Federal Trade Commission says an increasing number of people are complaining about a scam that combines “spear phishing” tactics with caller ID spoofing – an effort to lure more victims.
In case you’re not up on your scam techniques: Phishing is when fraudsters try to trick you into giving up personal information by posing as a legitimate company. It turns into a spear phishing expedition when they have certain details about you (Social Security or address) that they trot out to appear more legitimate.
Caller ID spoofing is when the scammer fakes a phone number so it appears as though it’s from the sheriff’s office or your bank or someone you think you can trust. To make things even more confusing, scammers have the ability to fake your own landline or cell number. This appears to be happening in Albuquerque; I have received numerous calls about it during the past month.
In any case, combine these elements, and the odds are higher that someone will be tricked into becoming a victim.
Here’s one example the FTC gave in a recent alert, with details that vary according to the scam: “I’m calling from (a particular bank). Someone’s been using your debit card ending in 2345 at (a particular retail store). I’ll need to verify your Social Security number – which ends in 8190, right? – and full debit card information so we can stop this unauthorized activity…”
At the same time, the caller ID shows the name of the person’s bank, and the caller knows some personal details. Tricky.
Here’s how to protect yourself, courtesy of the FTC:
• Don’t assume your caller ID is proof of whom you’re dealing with. Scammers often have good technology.
• If you get a phone call, email or text from someone asking for personal information, don’t respond. If you feel the need to verify anything the scammer tells you, check it out using contact information you know is correct.
• Don’t trust someone just because they have personal information about you. A shocking amount is readily available, due to social media and data breaches.
The FTC suggests that if you do give a scammer your information, go to IdentityTheft.gov. There, you will find information to help manage the possible consequences.
◊ ◊ ◊
The FBI has warned that cybercriminals are targeting the online payroll accounts of employees, particularly in the fields of education, health care and commercial air transportation.
Here’s how it works: The scammers send phishing emails that seek to snare an employee’s login credentials. With that information, they try to access the person’s payroll account so they can change direct deposit bank information.
Next, they redirect an employee’s paycheck to an account controlled by the scammer. Often it’s a prepaid card, the FBI’s Internet Crime Complaint Center says.
The agency says employers should instruct employees not to supply log-in or other personal information in response to an email, and to “restrict access to the internet on systems handling sensitive information or implement two-factor authentication for access to sensitive systems and information.” Also, the FBI says, log-in credentials that are used for payroll purposes should “differ from those used for other purposes, such as employee surveys.”
Ellen Marks is assistant business editor at the Albuquerque Journal. Contact her at email@example.com or 505-823-3842 if you are aware of what sounds like a scam. To report a scam to law enforcement, contact the New Mexico Consumer Protection Division toll-free at 1-844-255-9210.