Phishing (Email Fraud or Spoofing), SMiShing, Vishing
Understanding the Problem
Phishing occurs when criminals send email messages that appear to represent a trusted institution (like your bank, the Better Business Bureau, or government agencies) in order to trick you into disclosing your personal information. Phishing emails may appear to be authentic and include the company's contact information and logo. They usually have a sense of urgency. They may tell you your account is about to be closed or a transaction can't be processed until a response is received. Any email requesting personal information or asking you to “verify” account information is usually a scam. The email may instruct you to open an attachment or click on a link in order to review, update or verify your information, or it may provide a phone number for you to call. Do not respond or click any links in the email. Call us to report the incident.
Obtaining this confidential information will allow the criminals to engage in financial fraud, steal money, assume identities, and/or fraudulently apply for credit.
Phishing also occurs via phone calls, called Vishing, and text messages, called SMiShing.
Vishing (Voice Phishing)
This is a phone call (either from a person or automated voice message) that appears to be coming from a legitimate company. Automated phone dialers and Voice over IP phone systems are easy to set up and provide criminals with alternatives to email-based phishing. Voice phishing occurs when you receive a phone call with an automated message instructing you to call another toll-free phone number. The caller will often say your account has experienced unusual activity or ask you to provide personal information for some “urgent” reason. It may be to win a prize, re-activate an account, verify account information or cancel an order (when in fact none of these reasons are legitimate). When you return the call, you may be asked to visit a web site or call a provided number, and then to reveal personal information such as credit card numbers, online banking credentials or Social Security numbers.
SMiShing (Text Message Phishing)
This is a text message on your cell phone that appears to be from a legitimate company. The message may say your bank account will be closed, frozen or terminated for some “urgent” reason unless you call a telephone number or go to a website. This is an attempt to scare you and convince you to provide personal or account information. If you receive a text message that asks for personal information and appears to be from Monroe Bank & Trust, do not respond. Monroe Bank & Trust will never ask you for personal information via a text message.
Follow these steps to avoid being scammed:
MBT will never contact you and ask for personal information by phone, email or text. Education is the first line of defense against these scams. The scams often try to create a feeling of urgency so you'll respond before you can think. Or they may pretend to be helpful, like offering a security update, but require you to enter your personal or account information first. Criminals use these tactics to try to get your personal, financial or account information. Criminals are adopting increasingly sophisticated techniques and scams are occurring frequently. Recognizing fraud is not always easy; however, there are some common signs you can look for.
- Never click on a link from a suspicious email. Open e-mails only when you know the sender—even opening a fraudulent e-mail or clicking on a link can expose you to viruses or key logging software that captures your keystrokes as you enter them.
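- If you do go directly to a website, check for indicators that the pages are secure, such as a padlock symbol at the bottom of the page and a URL that begins with “https”. These indicators mean the connection is encrypted; they do not prove the site belongs to the company it claims to be, so check the address as well.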
- Do not call any phone number provided in a suspicious email. It could be a fake phone number.
- Always use anti-virus and anti-spyware software on your computer, and keep them up-to-date.
- Remember, email is not a secure form of communication. So feel free to use your email, but don’t use it to send or receive confidential information.
- If you receive an unexpected phone call that appears to be from MBT or another company that asks for personal information, be suspicious. Hang up and then call us using a phone number you know to be valid, and not one provided to you by the original caller.
- Attachments: Be cautious of e-mail claiming to contain pictures in attached files, as the files may contain viruses. Only open attachments from known senders. Don’t open attachments, even if they appear to have come from a friend or a co-worker, unless you’re expecting them or are absolutely sure you know what they contain. Don’t let curiosity wreak havoc on your computer.
Looks can be deceiving. As criminals make more credible forgeries of legitimate email and websites, you can no longer rely on seeing familiar graphics like our logo. The key to determining an email’s authenticity lies in the tone of the message and the nature of the solicitation. Criminals want you to give them information and they're not very subtle about it.
Common Signs of Fraud
- Requests for personal information. MBT will never ask you to reply in an email with any personal information such as your Social Security number, ATM or PIN. Any email requesting personal information, or asking you to verify an account, is usually a scam.
- Urgent appeals. Fraudulent emails often have a sense of urgency, indicating the need to communicate with you for your own security or a request to update your information immediately. Example: ". . .your account will be closed if you do not verify it with us right away." We will never claim your account may be closed if you fail to confirm, verify or authenticate your personal information via email.
- Typos and incorrect grammar. It isn't necessarily because criminals don't know how to spell. It's to bypass email filters. Be on the lookout for typos or grammatical errors, awkward writing, a misspelled company name and poor visual design.
- Awkward greeting or salutation. Fraudulent emails often have nonsensical greetings or a salutation that does not refer to the customer by name.
- Strange or unfamiliar links. A link may look official, but when you roll your mouse cursor over it, the link's source code may point to a totally unrelated web site. Remember it is always safest to type a URL into your web browser instead of clicking on a link.
- A message about an order that says you’ve been charged for an item you clearly didn’t purchase.
- Messages about system, software and security updates. We will never claim the need to confirm important information via email due to system upgrades.
- Offers that sound too good to be true. We will never ask you to fill out a customer service survey in exchange for money, or ask you to provide your account number so you can receive the money. The email may instruct you to click on a link, or call a phone number to update your account or even claim a prize. An email or website that asks you to provide your account information because someone wants to send you money, claims you have a refund coming to you or says you have won a contest is almost always a scam.