By Ron Benvenisti. I’ve done several posts here on TLS about text and email scams. These scams are never ending attempts to steal your Personal Private Information (PPI). Today I want to show you not one but three texts that I received so far which are currently making the rounds. Unfortunately, text messaging apps typically don’t identify and warn you of scam texts even though the origins maybe known as illegitimate. Just a quick refresher, this is what they’re after:
An individual’s first name or first initial and the individual’s last name in combination with any one or more of the following data elements:
- Social security number.
- Driver’s license number, state identification card number, tax identification number, passport number, military identification number, or other unique identification number issued on a government document commonly used to verify the identity of a specific individual.
- Account number or credit or debit card number, in combination with any required security code, access code, or password that would permit access to an individual’s financial account.
- Medical information.
- Health insurance information.
- Unique biometric data generated from measurements or technical analysis of human body characteristics, such as a fingerprint, retina, or iris image, used to authenticate a specific individual. (This is a more sophisticated attempt which can be used by your cellphone’s camera).
The text or email will come from an email address (which oftentimes looks legitimate) but is actually “spoofed” so that when you click on it, you wind up on a site that may look like your banking, IRS or some other legitimate account. You can identify these because they typically won’t include your full name but may use your first name or no name at all.
Typically, I will get around 10 to 20 a week. Here are a couple of phishing texts I received within only 24 hours, with a couple of them just minutes apart:
Of course you should not click on links in any text message as they will lead you to a site that will attempt to steal your Personal Private Information (PPI), and may look like a legitimate site. These are often well crafted facsimiles which will not only steal your username and password credentials but also download malicious software to compromise your computer to get more private data as well as ransom-ware.
Most sites now offer two-factor authentication. If you set this option (which is an absolute necessity) the bank or other sites that offer this, will send you an email, call you or text you with a verification code.
Ransom-ware will lock your computer, making it inoperable until you pay the malicious actor money via gift cards, credit cards or bit-coin. There is no guaranteed method to decrypt and unlock your phone or computer. They will prevent the device from rebooting, should you try and potentially destroy or encrypt your files unless you pay the ransom. Two-factor authentication is a proven way to thwart these attempts.
The potential problem with two-factor authentication is that you still have to enter your username and password before they send you the code. This makes it possible for the hackers to at least obtain that, by a keylogger, for example, but, nevertheless, they will not have access to your account information such as credit and debit card numbers, checking account numbers and bank routing numbers which they then can use to make purchases on-line or even print bogus checks which are real enough to cash.
A Good Solution To Check If the Website is Legit
There is an invaluable website that will tell you if the email or text domain you are receiving messages from is malicious. You can validate any website at Scam-Detector, using their online validation tool. Here are a couple of checks on the the texts I received (above) and will work for you. I highly recommend it.
I have no financial or affiliate agreements with Scam-Detector so this is not an advertisement in any way shape or form.
Ron Benvenisti