PETERSON AIR FORCE BASE, Colo. — Many of us believe we’re too clever to fall for a phishing scam. However, scammers today have gotten good. Their tricks now go far beyond the “Nigerian prince” letter asking you for money.
In general, scammers make it seem like they need your personal information quickly — or something bad will happen. They might say your account will be frozen, you’ll fail to get a tax refund, your boss will have you fired, that a family member will be hurt, or that you will be arrested. They tell lies to get you to give them what they want.
Fraudsters often sound legitimate because they likely already have some of your personal information. They may rattle off your Social Security number or the last four digits of your credit card — possibly the result of a previous data breach from a retailer or other company. Many can be aggressive and downright nasty when they threaten jail time and demand money on the spot.
Today, as technical security defenses against electronic phishing have gotten better, criminals are now seeking to directly target individuals using a type of psychological manipulation known as “social engineering”. It’s a lucrative crime.
You don’t need a skilled programmer to do social engineering – just someone who sounds convincing over the phone. On top of this, the growth of social media has played right into the criminals’ hands.
A key part of social engineering is having information on your target. Criminals can get this from buying hacked data or by studying a victim’s social media profile.
An Airmen stationed in California recently received a call from someone posing as a member of his bank’s fraud prevention team. The caller had likely researched the Airman’s Facebook profile and found posts about a recent trip to Hawaii.
The scammer told the Airman that they had found some unusual transactions from three high-end stores in Hawaii, but not to worry, the fraud team stopped the fraudulent transactions. However, because the account had been compromised, he needed to transfer his account balance into a new account they had set up in his name.
The caller was completely professional, knew his name, account number, and about his recent travels to Hawaii. The Airman transferred his entire account balance over and none of it has been traced or recovered ever since.
This summer, an Airman at Peterson Air Force Base received a call from someone posing as an IRS employee. The caller told the Airman there was a serious issue with her taxes and that she would be arrested if she didn’t immediately purchase $1,000 in iTunes gift cards and turn them over to the caller.
The Airman did as she was instructed, and once the caller verified the gift cards were legitimate, he immediately ended the call never to be heard of again. This IRS scam has become so common that the Treasury Department posted an alert on their website about impersonators calling and demanding payments on iTunes gift cards, Green Dot Prepaid Cards, and other forms of prepaid credit cards.
The bottom line is that scammers today are very clever.
If you receive a phone call from a name or number you do not recognize, be very skeptical. Don’t answer personal questions, don’t engage, and if you must respond, consider answering a question like, “Who is calling?”
If you believe that the call is not legitimate, hang up. If you feel the call might be legitimate, hang up, and call back using a different phone from the one they called you on.
Remember, the IRS, your bank, or any other Government agency, will never:
• Call to demand immediate payment
• Demand that you pay money without giving you the opportunity to appeal
• Require you to use a specific payment method such as gift cards or prepaid debit cards
• Ask for credit or debit card numbers over the phone
• Threaten to bring in law enforcement to have you arrested for not paying
If you think you have been the target of a phishing scam, collect as much information about the incident as possible and contact the local security forces or the Air Force Office of Special Investigations.