We’re hearing that a few of our customers have received phishing phone calls (otherwise known as voice phishing or “vishing”). Most people know about phishing over email or pop-up message, but not everyone knows about vishing.
Vishing calls are often automated with a voice recording warning you about fraudulent account activity. To “protect” your account you’re directed to call in to the provided number and then answer verification questions. It all seems quite real, but it’s actually a scam designed to get your personal information and steal your identity.
With vishing attempts happening so close to home, now is a great time to refresh your memory about how to avoid getting caught in a phishing, vishing, or smishing (phishing over text message [also called a short message, hence the name]) scam. How can you avoid taking the bait?
1. Hang up. Your first line of defense is to simply hang up or delete the voice mail. Don’t respond to the email, text message, or a phone call requesting information. If you are still concerned, pick up the phone to verify, but don’t call the number provided in the message. Instead, call the company yourself using a number you have on file, from a bill, or the phone book.
2. Do your own typing. Don’t click on a link provided to you in an email. Even if the web address looks real, scammers can mask the true destination. Type the company’s URL into your browser yourself or use a link you already have bookmarked.
3. Note any spelling or grammar errors. Misspellings and grammar mistakes could mean it’s a phishing attempt. Legitimate companies usually have copywriters or editors on staff who would correct errors before an email was sent to customers.
4. Look carefully at the claims. If you already have an account with a business, you should not have to enter your personal information again. Also, a trusted business would not threaten to close your account or offer you prizes for information.
If you’ve accidentally taken the bait, here are three steps you can take to minimize the damage:
1. Put a fraud alert on your credit report. You can contact any one of the three consumer reporting companies, Equifax, Experian, or TransUnion.
2. Close any accounts you believe have been targeted. Even if you believe an account hasn’t been accessed, change the password. Then, monitor all your accounts closely and consider requesting a free credit report at www.annualcreditreport.com.
3. Report it! You can report identity theft to your local authorities and to the FTC. Don’t hesitate to warn others you know. Chances are that if you’ve been a victim of phishing, others in your community may be targeted as well.
For more hints and tips on phishing prevention, visit the U.S. Securities and Exchange Commission phishing website. If you’ve been phished, the noPhishing.org site has additional helpful information.
We are often asked, “How’d they get my number or email?” They can get your number from the phone directory and other seemingly innocent sources. These sources can include sweepstakes entries, online contests, and magazine subscriptions where you’ve given out your information. This information then gets sold to people who phish, vish, and smish.
Finally, please remember one more thing: TDS.net and TDS Telecom will never contact you via email and ask you for detailed account information or passwords. Ever.