Make Canoe my Homepage

Have you been SMiShed?

- March 23rd, 2012

7320366vwripkym

When we make credit or purchases at the store we always keep our card in sight and carefully hide our pin number from prying eyes; We’re savvy about emails promising us the lion’s share of a Nigerian estate settlement and those that congratulate us on winning the Irish Sweepstakes when we’ve never set foot outside of Canada or even bought a ticket. We are always on high alert knowing that these tactics are fraudulent and we know they’re a scam.

But can we truly manage to keep from falling prey to cyber predators?

While emails offering outrageous windfalls can often be questioned using common sense, sometime those from supposedly legitimate sources have shown that they can truly throw us off-guard.

That’s because criminals often send fake and often well-crafted emails known as “spoof” or “phishing” emails that are designed to look like the real thing.  With strong wording, these emails encourage us to click on links within the email that will direct us to fake websites, disguised as the legitimate sites of trusted institutions like our bank, PayPal or companies like eBay or Best Buy.

Like trying to avoid the wrath of the Borg, we comply, because, we’re worried about the consequences if we don’t. However, once those personal details turn to keystrokes, it’s too late!

Many organizations and institutions are doing their best to alert businesses and  keep consumers informed, but those that are determined to continue in their dastardly ways remain persistent.

 

Technology Changes Criminal Behavior

In fact, according to PayPal Canada, who did a study ahead of Fraud Protection Month (March), found that as technology changes, so does criminal behavior.

Do you have the same Spidey senses when it comes to your smartphone?

Attacks made via e-mail have gone beyond the desktop and are now targeting mobile devices like cell phones and smartphones through SMS or text messaging. This more recent phenomenon is called SMiShing, a term derived from “SMs phISHING“.

Again like emails, they can take many forms, but the criminal’s goal is still to lure you to a fraudulent site or trick you into revealing personal information.

But unlike emails, text messages are sent through a phone number and because of this people may be less likely to think it’s fraudulent and furthermore, while these have not been as prevalent, yet, it’s more likely people will be caught in the criminal’s web.

 

Forms of SMiShing

SMiShing can show up in various forms. The message may be a request to call your bank with the bank’s phone number in the form of a hyperlink; it might be a request to enter or reconfirm your debit card’s PIN or your CVV, the 3 digit code on the back of your credit card.

But sometimes a criminal’s intent can be quite cruel, playing on your fear, with the lure disguised as a message alerting you to a supposed emergency. And in a moment of panic, especially since the text came right to your phone, you can see how easy it would be to become a victim.

 

Further Protection

It’s not just SMiShing that could open you up to potential fraud. Losing your phone or having it stolen, which according to a January 2012 survey conducted by Ipsos Reid on behalf of PayPal Canada, has happened to about 28% of smartphone owners in Canada (23% lost, 5% stolen).

A few suggestions to protect yourself would be to obviously keep an eye on your phone; password protect, be aware of the data including information within emails stored on it and also be wary of apps downloaded from unknown sources. You may also consider investing in apps like Kaspersky Labs Mobile Security or Intego Virus Barrier for iOS.

“Your smartphone is like a safe that no one should crack,” says Nicky Mezo, head of Marketing, PayPal Canada.

So with March being fraud prevention month there is no better time like right now to start thinking about protecting your data and financial information through your smartphone from now on, as you do you computer.

For more helpful hints about how to stay safe, you can visit PayPal’s online Security Centre.

photo courtesy: Victor Habbick

 

Greg Gazin is the Real Canadian Gadget Guy.

Follow me on Twitter @gadgetgreg.

 

 

Subscribe to the post

12 comments

  1. smv | March 23, 2012 at 7:57 pm

    My smartphone is my mini computer. Thanks for the reminder to guard my phone and the personal information it contains.

  2. Geoffrey | March 24, 2012 at 4:42 am

    good read and thank you very much for sharing

  3. Tom Laing (@tomlaing) | March 24, 2012 at 9:09 am

    Good advice Greg – I have shared on FB, Twitter and Google

  4. Fred Putnam | March 24, 2012 at 2:43 pm

    I agree we never know when it is going to happen

  5. Effie Pappas | March 24, 2012 at 10:22 pm

    Just got an email from “RBC” asking me to go to their website by clicking on the link…………I promptly called RBC to advise them of this website and was told where to provide the details for this phishing scam. I must say though it was an “almost” exact replica of their website including logo etc and I can see how people could be fooled by this…………..

  6. Greg Gazin | March 25, 2012 at 8:32 am

    Effie,
    My point, exactly! Thanks for sharing! And now, it’s getting worse,with these alerts coming to you via SMS.

  7. Adam | March 28, 2012 at 12:35 am

    Wow PayPal shouldn’t have to do a study on scams. They run them regularly,

  8. Greg Gazin | March 28, 2012 at 12:40 am

    Adam,

    the study was about people who lost their phones, either by misplacing them or by having them stolen.

    As for PayPal, the spammers certainly favourite them. I get quite a number of bogus PayPal emails every week. Check out the link above re: PayPal security. It’s a good read.

  9. HGA | March 28, 2012 at 10:01 am

    Have received e-mails from “Heritage Auctions” (not really them, natch!”)
    three times. First, that my bid was successful for some comic or other, pay the $6,000.00 or so. Then I was notified that for another comic, I had
    just been outbid. Last of all, I was told my own comic had sold successfully, pack it up and send it to them – if I’d been dumb and if I’d had the comic in question (and I’ve got too many to check it!), I’d have
    been out the comic and any potential revenue from it.

  10. Anderson Davies | March 28, 2012 at 10:30 am

    Just got the Canada Post scam from last year.
    I was fortunate that my virus protection would not allow me to open the email. We have been expecting a package from an employer so I clicked on the link. As I said we were lucky.

    http://www.canadapost.ca/cpo/mc/aboutus/news/announcements/emailscamalert.jsf

    You will notice Canada Post does not tell you how to remove it.

  11. S McNall | September 3, 2012 at 4:58 pm

    And I just love the embedded links in this article. Just click on this lik to find … . But never would Canoe Tech get hacked and publish a bogus article. This is bad training following your lesson.

    Thanks for the chance to see the embedded links in action, these do seem to be legitimate and seem to actually point where they claim to point.

    S. McNall

  12. Greg Gazin | September 3, 2012 at 9:22 pm

    S McNall,

    The article was not specifically about links on sites.We touched on email but the focus on the piece was about SMS Phishing The idea was simply to keep people informed that this is possible and to think twice before clicking.

    With respect to your comment, I guess anything is possible but bogus links are less likely where the site is legit, reputable and controlled ( although they could show up in comments). So i don’t think that anything said here was bad training. Obviously you have confidence in the site otherwise you might not have clicked on the links.

    Thanks for your comment.

Leave a comment

 characters available