Usually we think of a mobile phone as a tool that offers convenience and personal safety. But it also can be a weapon used against us to steal personal information. Experts say that the same types of attacks that have plagued the online world are migrating to mobile. The National Credit Union Administration in Alexandria, VA reports that members of credit unions across the country have been targets of cell phone scams, mostly phishing. These phishing scams have been in the form of smishing or vishing attacks. Both aim to trick people into revealing sensitive private information, such as Social Security numbers, credit union account numbers, personal identification numbers, and passwords.
The term “smishing” comes from SMS plus phishing (SMS stands for “short message service,” used for mobile text messaging). In smishing, criminals are after the same sort of information as in vishing, but they send a text message on a mobile phone instead of calling. A common smishing ploy goes like this: You receive a text message, seemingly from your credit union, stating that your account has been closed. To reactivate it, you’re told to call a toll-free number. When you do, you’re asked to enter your account number and PIN.
In vishing, the fraudster calls someone, using a pirated recording of telephone services from a financial institution, to try to extract personal information. For example, the recording informs you that your credit card has been used illegally and asks you to call a fake 800 number, where you’ll be asked to confirm account details. Or you may receive an e-mail asking you to call a toll-free number. The consumer’s answers are recorded, or saved, and later used to commit identity theft.
The best protection against either vishing or smishing comes down to a simple strategy: Don’t respond. If it’s a vishing scam, refuse to answer questions and hang up. If it’s a smishing attack, don’t do what the text message instructs you to do. Then report the incident to White Sands FCU immediately. And remember, we would never ask you for personal information over the phone or by e-mail. We already have this information on hand.