Phishing Scams Come in All Shapes & Sizes

Author: Kolin Hodgson

Not only is 2020 known as the year the COVID-19 pandemic began, it has also been a paramount year for phishing scams. According to the fourth quarter report of the Anti-Phishing Working Group, approximately 270,000 new phishing campaigns—where each campaign includes thousands of email messages—were reported worldwide in early 2020.

Phishing is a type of cyber attack that can come in many different forms such as an email, text or phone call. Scammers use multiple contact methods to gain access to personal and financial information for profit. Here are some of the most common ways scammers may try to contact you.

Phishing via Email

At Notre Dame, email phishing activities continued to increase this year. The most common phishing scams reported by Notre Dame faculty, staff and students this year include:

  • Gift Card: A scammer impersonates a departmental leader and sends you a request to buy gift cards for him/her.
  • Tutor Needed: The requestor targets specific departments, and poses as a single parent in the email hoping to find someone to tutor his/her minor child on a subject within that department.  
  • Paid Position Available: The email offers a paid research position available for which you can apply and asks you to send personal information for consideration.
  • Sharing privileged or special interest Information: This email comes from an unidentified sender with enticing information contained in an attachment. The only way to access this information is to open the attachment which may contain a virus that will infect your computer.

Scammers use these and other tactics to gain access to personal information or money from you, but the key is to know what to watch for. Before you respond to an email, ask yourself these basic questions:

  • Is the sender rushing me into action? Most legitimate requests from organizations or individuals should not demand immediate action. However, there can be a reasonable deadline by which you need to make a decision regarding the offer or request.
  • Did the email come from a person or organization I know? The name at the top of the email can be deceptive. Check the return email address. If it looks suspicious, email the sender directly instead of replying to the message If it came from someone you don’t know, just delete it.
  • Does it contain poor spelling and/or grammar? Phishing messages often originate from senders who are unfamiliar with the English language. Spelling and grammar errors are a good indicator that the email may be a phish.
  • Is the requested information something I should send in an email? The sender may request information such as your user name and password, social security number, bank account information, date of birth, a credit card number, etc. It is never safe to send this information in an email.
  • Is it too good to be true? You unexpectedly receive an email congratulating you for winning a prize, or offering a product at an extreme discount. Did you really enter the contest? For discounts, check the retailer’s website for product pricing before clicking any links or sending information.
  • Am I expecting a package delivery? You receive an email notifying you of an upcoming package delivery. Scammers copy common delivery messages and ask you to click a link for a delivery update. The legitimate information can easily be found on the shipper’s website. 
  • Do I have to send money to get money? Oftentimes, the email contains a request for you to send a smaller amount of money to get  a larger amount of money. Never send money to someone you don't know requesting it only through an email.

More information about email phishing scams is available at: staysafeonline.org/blog/5-ways-spot-phishing-emails/.

Phishing Texts or SMSishing

Phishing scams can also come in the form of SMS (Short Messaging Service) texts on your cell phone—hence the name SMSishing.

Be suspicious when you receive a text from someone not in your contacts list or from a number you don’t recognize. Here are some tips to help you identify SMSishing scams:

  • Random verification code: You receive a verification code that you never requested.
  • Fraudulent activity warning: A text that appears to be from your bank or credit card company warning you of fraudulent activity that usually contains a link. DO NOT click on the link in the text. Contact your bank or credit card company to confirm fraudulent account activity did occur in your account
  • Deceptive phone app: A text with a request to download a new general interest app that you think you cannot live without, and includes a link. The application may look useful, but it’s real purpose is to be able to monitor your phone for passwords and steal them. Ohly put apps on your phone you download from Apple's App Store of Google Play.
  • Sender is not in your contacts list: Unless you are expecting to be contacted, you can safely ignore these texts.
  • Text does not contain a phone number: Delete all text messages from numbers such as 7000. These are really just phishing emails forwarded to your phone as texts.

If you begin to receive SMSishing scams, the best course of action is to block the sending number and delete the message. Additional information on SMSishing is available at: fcc.gov/news-events/blog/2020/03/02/mobile-phone-texts-spam-and-scams.

Phishing Voicemail or Vishing

Voicemail or phone call scams are popular phishing tactics, and are called Vishing. These calls or voicemails are meant to try to get you to take immediate action by a threat, enticing investment offer, prize notification or request for money.  The caller will also ask for your personal and/or financial account information. Here are some of the common vishing scams:

  • Prize winner notification: The caller will tell you you are a lucky prize winner, and will eventually ask you for personal or financial account information in order to receive the prize.
  • Threat from a governmental agency: The phone call is about an issue with the local or state police, CIA, IRS, etc., and usually make some kind of financial demand to correct the issue. These agencies will never call you on the phone—they would contact you by postal mail or other legitimate means.
  • Incredible investment offer: Legitimate investors usually don’t do cold calling, and won’t contact people at random. 
  • Monetary request from relative: The caller will attempt to convince you that he/she is a relative who needs your money for an unfortunate circumstance or emergency.

You can handle these common phone scams in the same way—just hang up and block the caller immediately. Never give your credit card number or bank account information to any caller you don’t know. If you are contacted about an investment opportunity, see your financial advisor or bank representative for advice before taking any action.

You can find more information about vishing at: consumer.ftc.gov/articles/0208-phone-scams#examplesof.

By following these important phishing scams guidelines, you can hamper the efforts of these cybercriminals and maintain proper security of your personal or financial information. You can find additional information about general phishing guidelines in this informative Security Quotient video.