Practical Advice
If you own a cellular phone for any reason, you are likely aware of odd text messages that appear from time to time. I've found it to be the rare event when a text message arrives to a number other than one the sender originally intended. Having said that, if you have not received messages trying to solicit your personal information, especially your financial info, it is only matter of time before you do. I started noticing them myself about three months or so ago. It's likely that I'd occasionally received one in the past, but paid little attention to it before deleting it. Since about August or September, though, I've received them about twice a month. Today, I received two in the space of an hour. Thankfully I'm not gullible enough to fall for phishing scams, but I thought it would be helpful to mention a couple of positive ways in which to respond to this scam. So, without further ado, I shall pontificate with ponderous, yet practical advice on how to be a positive, not passive, defense against phishing.
1. Someone Has Already Done It, Surely? I would never assume that someone else has alerted any authorities concerned. For one, how often do we hear that con artists are able to get away with their crimes because people are too ashamed to admit they've been taken? By the time one is caught, there's usually a long line of victims. Remember Madoff? Second, many people probably look at it, figure it has nothing to do with them and that it was a mistake, and pay only enough attention to delete the message. Even if the problem has already been reported, you will never know that for certain if you don't contact the relevant parties. If enough people assume someone else is going to call and make some noise, then it is increasingly likely that the problem will to come to light. It is the risk you run when you rely on others to handle problems that affect you directly. Becoming an active consumer ensures that you are informed, and ultimately responsible for your personal well-being.
2. Speak with Your Cell Phone Provider. I would not take it for granted that your provider knows about a particular series of fraudulent text messages. For you Spring users, I can say that, yes. In fact Sprint, at least according to the person I spoke with, has a department that is dedicated to dealing with scammers. I assume they focus on schemes which utilize the Sprint network in some way. Even so, if you notice that your phone suddenly becoming grand central station for these little messages, save the message and call your provider. Write it down, if your phone does not allow you to navigate while you're talking to someone. Make sure you get to the security department or as close as you can in the phone chain, and then give your information. If they ask specifics about the message, you can tell them exactly when it was received and what it says, and possibly the address of the "sender" because you've written it down beforehand. They may not need this information, and they may tell you what Sprint told me. On the other hand, perhaps your provider has been lax on setting up a department that focuses on security in this manner? Maybe they take these issues on a case by case basis? By calling and providing the information you have at your disposal, it alerts cell phone companies to problems of which they may only be vaguely aware, and also gives them the potential for effectively combating this trend. More importantly, it puts the burden on the company to do what they can to curtail phishing scams through the use of their equipment or network. If enough people take this approach, cell phone service providers can only ignore customer concerns at their own peril. Of course, the speed and quality of their response toward both the customer's concerns and the actual text scamming may also be a good indication of whether or not you should consider switching providers.
3. Call X-Company to Alert them. In my case, the phishing messages are intended to convince me that my account at a local bank is experiencing difficulties. The issues is always different: account suspended, overdraft, debit card deactivated, etc. Obviously you don't call the number provided--that should be a give. Still, I wouldn't ignore the message entirely. At the very least, I'd call the business in question and alert them that you're receiving message that represent their company. In the same vein as the dialog with one's cell provider, it is customer response that pushes companies to adopt a more proactive view on dealing with the issue. However, that doesn't mean that all banks or organizations even know that their name and reputation are being used for criminal activity, or that they are prepared to handle the threat. Customer involvement should cause them to clarify the methods they use to obtain information, and the means by which they extract it form their customers. It is up to them to make clear in which cases they would request personal detail, the means by which they make their inquiries (by letter, phone, electronically), and the type of information they collect, depending on the problem at hand. In response to the two text messages I received in the space of an hour this morning, I checked the website belonging to the bank in question, and it so happened that they already have a scam alert about this very problem. The only aspect that I would probably change is to publish the scam alert on the home page, rather than supply a link to the message. I would want the viewer confronted with this information, rather than allow them to dismiss it. Still, ethically or even as it speaks to good customer service, this bank has done its job.
Yet I still called. It just so happens that this bank is one with which I have never done business. I have never had an account of any type with this institution at any time. Rather than assume that I am not affected as long as I don't give away my information to a scammer, I used this as an opportunity to make sure that no one had set up an account in my name. It takes not effort on the part of a bank employee to determine if you have an account at their institution. As long as you are not trying to find out any specific information on an account, you don't need to anything, and they don't need any information from you. The reason for checking is explanation enough. I did not do so, but I would even make sure that your middle name, if you have one, is not used along with your last name. If you have an account, then you can provide further information to determine whether or not it is merely a coincidence that an account that you never opened or had access to has the same name. They don't have to give specific details to find this out. All the information comes from you. If the bank or other organization just so happens to be one with which you are affiliated, then it becomes that much more imperative that you make sure your name is not being used to perpetuate fraud.
3. Warn your fellow users. At one point, most of the people I knew got their cell service from the same company I did. Even though some of them have left the fold, so to speak, I still have quite a few friends and family members that use the same provider as myself. My friend DB and I happened to be talking when she received one of these text messages. I didn't have to look at mine to know that these were the same people that sent me a text message previously; it also came as no surprise when I received the exact same message the next day. It doesn't hurt to warn the people you know, especially if the text itself appears to be sharing the same phone network. Beyond that, even, it's just helpful to tell people to watch for text messages about X-bank or company, because it's a phishing scam using the name of a legitimate institution.
It takes very little to inform others, so why not do so? The entire conversation with the bank employee the same amount time that it did for me to write this sentence. At that point, "not having time" is not a very valid excuse.
1. Someone Has Already Done It, Surely? I would never assume that someone else has alerted any authorities concerned. For one, how often do we hear that con artists are able to get away with their crimes because people are too ashamed to admit they've been taken? By the time one is caught, there's usually a long line of victims. Remember Madoff? Second, many people probably look at it, figure it has nothing to do with them and that it was a mistake, and pay only enough attention to delete the message. Even if the problem has already been reported, you will never know that for certain if you don't contact the relevant parties. If enough people assume someone else is going to call and make some noise, then it is increasingly likely that the problem will to come to light. It is the risk you run when you rely on others to handle problems that affect you directly. Becoming an active consumer ensures that you are informed, and ultimately responsible for your personal well-being.
2. Speak with Your Cell Phone Provider. I would not take it for granted that your provider knows about a particular series of fraudulent text messages. For you Spring users, I can say that, yes. In fact Sprint, at least according to the person I spoke with, has a department that is dedicated to dealing with scammers. I assume they focus on schemes which utilize the Sprint network in some way. Even so, if you notice that your phone suddenly becoming grand central station for these little messages, save the message and call your provider. Write it down, if your phone does not allow you to navigate while you're talking to someone. Make sure you get to the security department or as close as you can in the phone chain, and then give your information. If they ask specifics about the message, you can tell them exactly when it was received and what it says, and possibly the address of the "sender" because you've written it down beforehand. They may not need this information, and they may tell you what Sprint told me. On the other hand, perhaps your provider has been lax on setting up a department that focuses on security in this manner? Maybe they take these issues on a case by case basis? By calling and providing the information you have at your disposal, it alerts cell phone companies to problems of which they may only be vaguely aware, and also gives them the potential for effectively combating this trend. More importantly, it puts the burden on the company to do what they can to curtail phishing scams through the use of their equipment or network. If enough people take this approach, cell phone service providers can only ignore customer concerns at their own peril. Of course, the speed and quality of their response toward both the customer's concerns and the actual text scamming may also be a good indication of whether or not you should consider switching providers.
3. Call X-Company to Alert them. In my case, the phishing messages are intended to convince me that my account at a local bank is experiencing difficulties. The issues is always different: account suspended, overdraft, debit card deactivated, etc. Obviously you don't call the number provided--that should be a give. Still, I wouldn't ignore the message entirely. At the very least, I'd call the business in question and alert them that you're receiving message that represent their company. In the same vein as the dialog with one's cell provider, it is customer response that pushes companies to adopt a more proactive view on dealing with the issue. However, that doesn't mean that all banks or organizations even know that their name and reputation are being used for criminal activity, or that they are prepared to handle the threat. Customer involvement should cause them to clarify the methods they use to obtain information, and the means by which they extract it form their customers. It is up to them to make clear in which cases they would request personal detail, the means by which they make their inquiries (by letter, phone, electronically), and the type of information they collect, depending on the problem at hand. In response to the two text messages I received in the space of an hour this morning, I checked the website belonging to the bank in question, and it so happened that they already have a scam alert about this very problem. The only aspect that I would probably change is to publish the scam alert on the home page, rather than supply a link to the message. I would want the viewer confronted with this information, rather than allow them to dismiss it. Still, ethically or even as it speaks to good customer service, this bank has done its job.
Yet I still called. It just so happens that this bank is one with which I have never done business. I have never had an account of any type with this institution at any time. Rather than assume that I am not affected as long as I don't give away my information to a scammer, I used this as an opportunity to make sure that no one had set up an account in my name. It takes not effort on the part of a bank employee to determine if you have an account at their institution. As long as you are not trying to find out any specific information on an account, you don't need to anything, and they don't need any information from you. The reason for checking is explanation enough. I did not do so, but I would even make sure that your middle name, if you have one, is not used along with your last name. If you have an account, then you can provide further information to determine whether or not it is merely a coincidence that an account that you never opened or had access to has the same name. They don't have to give specific details to find this out. All the information comes from you. If the bank or other organization just so happens to be one with which you are affiliated, then it becomes that much more imperative that you make sure your name is not being used to perpetuate fraud.
3. Warn your fellow users. At one point, most of the people I knew got their cell service from the same company I did. Even though some of them have left the fold, so to speak, I still have quite a few friends and family members that use the same provider as myself. My friend DB and I happened to be talking when she received one of these text messages. I didn't have to look at mine to know that these were the same people that sent me a text message previously; it also came as no surprise when I received the exact same message the next day. It doesn't hurt to warn the people you know, especially if the text itself appears to be sharing the same phone network. Beyond that, even, it's just helpful to tell people to watch for text messages about X-bank or company, because it's a phishing scam using the name of a legitimate institution.
It takes very little to inform others, so why not do so? The entire conversation with the bank employee the same amount time that it did for me to write this sentence. At that point, "not having time" is not a very valid excuse.