March 10, 2022
Carson City, NV – As
part of National Consumer Protection Week, Nevada Attorney General Aaron D. Ford warns Nevadans to be on
alert for fraudulent messages designed by scammers to appear as though they are
coming from legitimate sources.
Consumers have likely heard of phishing emails — scam emails
that look like they are from a company or government entity that consumers know
and trust, such as banks, credit card companies social networking sites, online
stores or the DMV, but are actually fraudulent and designed to trick consumers
into giving away their personal information. However, scammers are adapting to
new technology and have developed new ways of scamming consumers out of their
personal information. Two of the most prominent new types of phishing scams are
referred to as smishing and vishing.
“Scammers are adapting to new technology and using new
strategies all the time,” said AG Ford. “Smishing and vishing scams are
perfect examples of scammers taking all of their old tricks used in phishing
emails and applying them to different mediums.”
Smishing, a combination of “SMS” and “phishing,” is phishing via
SMS text messages. In this situation, a person will receive a text message,
usually appearing to be from a company the person already has a business
relationship with such as the customer’s bank. These texts often include a link
created to solicit some sort of urgent response from the customer such as
claiming a prize, claiming a tax refund, confirming a delivery or purchase or
protecting an account. The goal of a smishing scammer is to get the customer to
provide personal identifying or account information or link to malware.
Vishing, a combination of “voice” and “phishing,” is phishing performed
through a phone call. A scammer will make a vishing phone call and pose as a
trusted source such as a bank in order to elicit personal or login information
from a person. Often, a vishing call will come after a phishing email or a
smishing text in order to bolster the legitimacy of the fraudulent email or
text because a live person is calling. For example, a customer may receive a
fraudulent text that appears to be from their bank claiming their account has
been compromised. Then the customer gets a vishing call from a scammer posing
as a bank representative and they are more likely to disclose personal account
information Vishing perpetrators often use fake caller ID, or “spoofing,” to
make the call seem like it is coming from a legitimate source.
These scams are trending upward, with the FBI’s Internet Crime
Complaint Center (“IC3”) reporting that they received 241,342 complaints in
2020 and the Anti-Phishing Working Group (“APWG”) reporting a record breaking
245,771 complaints in 2021. These scams can result in large amounts of money
lost, with the Federal Trade Commission (FTC) reporting that US consumers lost
$86 million through scam text messages in 2020.
Additionally, there has been an increase in reports that scammers will
ask for gift cards as a mechanism to get money.
With phishing, smishing, and vishing on the rise, the Office of
the Nevada Attorney General urges you to stay on alert for the following red
flags when you receive an email, text or phone call:
- Bad spelling or grammar: If you see any misspellings or
bad grammar in an email or text message, even if it otherwise appears to
be from a legitimate source, it is likely a phishing email or smishing
text.
- Slight alterations in the URL
or mismatched links:
When you receive an email or text from a company or entity, look carefully
at the spelling in the URL. It can be hard to catch, but often these URL
links will have one or more letters missing or out of place. Similarly, if
the link you see in the message is different than the link you will be
sent to (you can find the actual link in an email by hovering over the
link with your mouse without clicking on the link), it is likely a
fraudulent message.
- Something looks off about the
logo or website:
Many phishing, smishing or vishing communications will try to send you to
a fake website. Be skeptical of these websites and look closely — you will
often be able to find something off about the website which is a red flag
it is counterfeit.
- Lack of personalization: If the email or text uses a
general salutation or no salutation at all, be on alert that this may be a
scam. Usually, your bank or someone you have done business with has your
name or other identifying information.
- Out of place requests for
personal information:
A company you have worked with before would not call or send an email or
text asking for information they already have. Be suspicious if
communication from an alleged trusted company asks for sensitive
information such as user IDs or passwords, financial account numbers,
health information and social security numbers.
- Urgent calls to
action: If a message or call requests that you act urgently, it is
a good indicator of a phishing, smishing or vishing communication. These
scammers want you to get into a heightened emotional state so that you are
less likely to think through your actions.
- Suspicious attachments: Do not open an attachment to
an email from a sender you do not know personally, even if it looks like
it is coming from a legitimate company.
If you have been a victim of
a phishing, smishing or vishing scam, you may file a complaint with the Federal Trade Commission and the Office of the Nevada Attorney General. Include
as much information as possible with your complaint, including any information
you have about the person or entity that contacted you, including phone
numbers, emails and websites.
###