Awareness is the Key to Phishing and Spoofing

Just like with regular fishing, when phishing the criminals are baiting a hook to catch you. Phishing is a technique of sending an email intending to trick you into clicking on a malicious link or downloading an attachment potentially laced with malware.
The scammer may use spoofing to accomplish this. Spoofing is the act of disguising a communication from an unknown source as being from a known, trusted source. This can be done through email, texts, the mail, or the phone, often just by changing one letter, symbol, or number—to convince you that you are interacting with a trusted source.

On the phone, the caller might impersonate Medicare or another organization to collect your personal information. This includes deliberately falsifying information shown on your caller ID display to disguise their identity. It is very easy to use technology to even make it look like a call is coming from a local number when in fact they are in a different country.

Another variation is through text messages. Phishing emails and texts are easy, cheap, and effective. Criminals have three primary ways they steal information: 1) malicious web links, 2) malicious attachments, and 3) fraudulent data-entry forms. They throw out thousands at a time but only need to hook a few. Don’t get hooked!

Phishing often tells a story to trick you into responding in some way. They may
• say they’ve noticed some suspicious activity or log-in attempts
• claim there’s a problem with your account or your payment information
• say you must confirm some personal information
• include a fake invoice
• want you to click on a link to make a payment
• say you’re eligible to register for a government refund
• offer a coupon for free stuff
• direct you to a website to fill out a survey or assessment

Phishing is considered social engineering because the methods they use, such as forgery, misdirection and lying, manipulates human psychology and encourages us to act before we think things through. Use caution if you are being pressured for personal information or asked to make a quick decision.

You may not be able to tell right away if a mailing, call, email, or text is legitimate so be extremely careful about responding to any request for personal identifying information which includes account numbers, Medicare or Social Security numbers, mother’s maiden name, passwords, or other identifying information in response to unexpected calls or if you are the least bit suspicious.

If you think you’ve been the victim of phishing or spoofing and have given out personal information, you can report identity theft, and get help with a recovery plan, at the Federal Trade Commission’s IdentityTheft.gov site. You can also call the FTC at 877-438-4338.

If you have given out your Medicare number and think you have been the victim of medical identity theft, call your local Montana SMP at 1-800-551-3191.