Please reply Y
On September 2, a text message appeared on my phone warning of a USPS package delay because of an incomplete address. To expedite delivery, the text invited me to click on a tracking link and confirm my address. Some handy link activation instructions were provided. The sender signed off with a cheery wish for a wonderful day from the USPS team.
My scam antenna switched on immediately – I was not expecting any package. And the unfamiliar area code (63) raised a red flag. When I checked, 63 turned out to be the Philippine country code.
Catphishing(s) ‘R’ Us
Millions of phishing attacks like these launch every day, every hour, cautions the Federal Trade Commission (FTC).
Text and text messages that masquerade as warnings or alerts from authentic sources are really ‘phishing’ exercises. Their primary intent is to defraud unsuspecting consumers of confidential information. They prey on human fears to scam consumers into payment or steal passwords, account numbers, and social security numbers. Once scammers get hold of personal information, they access private email, bank or other accounts, or sell the information to other scammers.
In the first half of this year alone, the FTC’s Consumer Sentinel Network collected over 1.1 million fraud reports from consumers who report having lost a staggering four and a half billion dollars to catphishing.
At a September 1 Ethnic Media Services briefing, Benjamin Davidson, an attorney with the Division of Marketing Practices, and Rosario Mendez, an attorney with the Consumer and Business Education of the Federal Trade Commission, answered questions about catphishing and how to counter it.
According to Davidson, phishing is generally just an attempt to steal personal and financial consumer information and passwords from consumers by attempting to gain their trust and convince them to engage.
The number of reports is trending downwards added Davidson, but consumers are losing more money. According to the FTC, Americans lost nearly $9 billion to fraud last year alone – an increase of over 150% in just two years.
Emotional blackmail via identity theft
One of the most egregious types of identity theft is when fraudsters impersonate a loved one to extort money from a family member. Scammers are tapping into new and evolving technology like AI to catfish people into a family emergency situation by cloning a family member’s voice.
“People think they recognize the cry for help and turn over their information or money to complete strangers,” said Davidson.
One scenario is when the impersonator pretends they are traveling abroad, have lost a passport, and need money for a plane ticket, or they ask for money to help with an emergency like a car accident. What makes the hoax worse is the use of voice cloning technology which is easily available on the internet.
All it takes said Davidson, is a 32nd sound bite of someone’s voice from social media, a video, or an audio file with 30 seconds, to clone someone’s voice and have the clone read a text that could deceive a family member into forking over money in an emergency.
The great pretenders
Leading the list of fraud categories said Davidson, is imposter fraud where con artists claim to be affiliated with the government or a well-known company like Amazon or Microsoft, in an attempt to convince a consumer to provide personal or financial information. Twice as many imposter frauds are reported compared to the next category – online shopping.
Online shopping fraud occurs when a consumer purchases a product that is never delivered, or when consumers get a notice that they have won a lottery, sweepstakes, or prize for which they need to pay a processing or handling fee. They learn there is no prize after they are tricked out of paying that fee.
Paying to get a job
During the pandemic, the FTC saw a surge in investment fraud. People were tapped for money-making schemes such as investing in cryptocurrency or Forex exchanges or day trading, and lost funds to strategies they were told did not do well.
One more fraud category involves business and job opportunities where consumers are enticed by potential job offers or techniques they can learn to start their own business, for a fee. In 2020 India Currents reported on one such get-rich-quick scheme in which a consumer was nearly tricked into paying a scammer by buying bitcoin at an ATM. Between 2020 and 2022, consumer losses from business imposter scams tripled, said Davidson.
In recent years, job opportunity fraud has evolved into extracting personal information from jobseekers filling out online applications for jobs that don’t exist. “We’ve seen texts that purport to be from Amazon saying we are looking for new drivers in the area. Here’s how much we pay. Thank you for your interest. Please click on this link to finish your application.”
Making contact with consumers
Fraudsters contact consumers in a variety of ways, such as email, phone calls, and text messages, but the leading method used to swindle people out of their money is social media, said Davidson. In 2022, text messaging was the leading contact method for fraud complaints.
However, when a consumer falls victim to a scam that begins with a phone call, “our data shows that they pay more than in other scams.” he added. In combination, consumers responding to both phone and text hoaxes pay dearly.
How it often works, said Davidson, is that a consumer may receive a text alert from a bank flagging a large purchase or suspicious activity on an account, followed by a request for a call to resolve the problem. A consumer who calls is asked to verify identity by providing a social security number, bank account number, or a credit card payment. “Once the fraudster has your personal information, … you know, they’re off to the races right there!” warned Davidson.
He cautioned consumers to be wary of texts or emails offering free rewards or gifts via links that likely connect to malware or ask for a nominal processing fee and personal data.
Fake delivery scams happen when fraudsters impersonate delivery services like UPS or FedEx, claiming they are unable to deliver a package because of an incorrect address, and require an update via a link, as in my case. It’s another hook by which scammers fish for personal information, advised Davidson.
“There are different ways to initiate contact with the consumer. But when consumers click on the link or call a number or reply, they are put in touch with someone who is trying to fish them and steal their personal information.
Spotting a Fraud
It’s increasingly challenging to spot fraud as scammers have grown more sophisticated in their use of grammar and language, and presentation with logos and URLs that appear legitimate. However, some giveaways are strange phone numbers or email addresses, but the one clue to watch for said Davidson, is an attempt to create a false sense of urgency, with texts for example, that may read, “ Your bank account has been compromised. You need to act quickly. There’s been a charge on your credit card, respond right away.”
Take a deep breath!
In most cases, nothing is as urgent as it appears, and consumers have time to verify any financial consequence advised Davidson. It’s important to independently verify the legitimacy of the texts, NOT by clicking on the links provided within them, but via publicly verifiable contact information provided by the company.
He recommended blocking unwanted callers and text messages. The FTC website offers guidance on wireless providers, enhanced filters or dedicated apps, and techniques to counter robocalls and scam calls. “A really good strategy is to use these techniques at the outset so that you just don’t receive the messages,” said Davidson.
One simple security measure consumers can use is to ask questions of the scammer to determine their identity. “Something as simple as “What did we have for dinner last night?”
Strategies to protect against phishing attacks include using security software on computers and ensuring cell phones automatically update operating systems. Using multifactor authentication on email, social media, or financial accounts offers an added level of security.
“That level of protection is really important, particularly with how common and how sophisticated phishing attacks are these days.”
What Consumers Can Do
Report Junk Calls and Text scams
One of the main tools to understand and combat the evolving faces of fraud said Davidson, is to have consumers report it to the FTC, the State Attorney General, or to the Better Business Bureau. The FTC aggregates this data and shares it with law enforcement.
The FTC protects American consumers from deceptive and unfair business practices. Their website provides information on how to avoid scams, what to do if you lose money to a scammer, and where to report them.
For more information in English, Spanish, and other languages, go to ftc.gov/scams