I was shooting promotional shorts this morning (watch them weeknights at :59 past each hour!), took a break and checked my messages on my cell phone. The voicemail from missed-call-number-two had me very, very, surprised:
“…(static)...we need your birthdate to have authorization to complete the transfer of funds to your bank account. Again, you asked us to transfer funds into your account and we need your birthdate to make the transaction. Please call us at….”
I couldn't believe it. Yours truly had just become the victim of phone phishing.
Since I use sites like PayPal and eBay for some transactions, I’ve experienced e-mail phishing before—this is when you get an e-mail from a bank or another institution that asks you to ‘click here’ to verify an account or to send some information (such as birthdate or Mom’s maiden name or your account number or password) to an address provided. This address looks at first like a legitimate business address—but look more closely. Usually there’s an extra ‘dot’ or letter or the logo looks a bit too cut and paste. But phone phishing? They’re trying to get us at every turn. You and I can close the window to potential damage by hanging up the phone and not calling back, (not that it isn’t really creepy when a criminal calls you). However, it can be a lot easier to get caught online with a quick click of your mouse.
The truth is that it’s actually very safe to conduct your money business on the web—certainly a lot safer than your snail mailbox, not to mention cheaper (fewer fees and more options), and more efficient. But phishing in general makes us feel unsafe and puts the unfortunate option of getting ‘taken’ in our own hands. Know that legitimate banks and lenders would never ask for personal information over e-mail. If you get a suspicious e-mail from someone posing as a business you’ve done transactions with, find the customer service e-mail of your ‘legit’ bank, lender, processor and send it there. Whatever you do, don’t click ‘Reply’ or any link within the message or open any attached documents that could unleash a virus. And if you get a phone call from someone who says they’re with your bank asking for personal information, tell them that you’ll have to call back through their general customer service line, this way, you’re sure to get a true employee and also be able to check up on your account.
There’s no need to live in fear of phone calls like I got or ‘phishy’ e-mails—just be suspicious and savvy. The danger lies in giving the villains what they want.
Shoot me your best ‘phishing’ e-mail or write me about getting ‘hooked’. What did you do about it and how bad did it get? Any questions or tips about spotting a ‘phish’?