BBB Tips: The many forms of phishing

If you receive an unsolicited or unexpected communication asking you to provide personal information, download an attachment or send money, beware — it’s probably a phishing scam.

Phishing scams take countless forms, but many of these communications are from impostors masquerading as trustworthy businesses and organizations. They may be “phishing” for Social Security numbers, passwords, credit card information or other personal details for use in identity theft.

Examples of phishing scams reported during the COVID-19 pandemic include phony contact tracing, fraudulent testing and vaccine registration forms, and even offers for free video streaming subscriptions. Other phishing scams may allege the consumer owes money for a delinquent account.

More than 250 phishing scams in eastern and southwestern Missouri and southern Illinois were reported to Better Business Bureau Scam Tracker in 2020. They are among about 4,600 scams nationwide reported to Scam Tracker last year.

A St. Louis woman told BBB in October 2020 that she had received a phone call and an email that both offered to upgrade her to an “Amazon Prime Gold Membership,” which does not exist. The caller gave her a number to call in order to provide payment information, while the email mentioned order details and had several “miscues,” the woman said. The woman did not follow up on either solicitation.

Fraudsters use a creative array of cover stories to disguise their true intentions. The message may promise a reward (a gift card, free item); threaten a punishment (unpaid taxes, missed jury duty, deactivated bank account); or appear entirely mundane (such as a file from the office scanner).

Phishing scams tend to follow a pattern. The victim receives a phone call, email or text message (called “smishing” or SMS phishing). In the communication, the scammer urges the target to share information, send money, click a link or download an attachment, which likely contains malware. In the case of an email or text, the link frequently leads to a form, which prompts the target to enter personal information.

Think twice before downloading anything from the internet, especially if it’s an attachment from an anonymous sender. Scammers will hide malware in an attachment and once it is downloaded, it can wreak havoc on computers or steal personal information.

Tips to avoid phishing scams:

• If something sounds suspicious, confirm it by calling the company directly or checking the company website. Don’t click on links in an unexpected email — type the URL for the company into your browser or do a web search to find the right website. Call a trusted phone number for the company other than one provided by the caller to verify the caller’s identity.

• Don’t click, download or open anything that comes from an anonymous sender. This is likely an attempt to gain access to your personal information or install malware on your computer.

• Be cautious of generic emails. Scammers try to cast a wide net by including little or no specific information in their fake emails. Always be wary of unsolicited messages that don’t contain your name, last digits of your account number or other personalizing information.

• Be cautious at work. Some phishing scams specifically target CEOs, executives and managers in an effort to get company information or personal details on all employees of a company. BBB published an in-depth investigative study on such scams in 2019.

Report any scams to BBB Scam Tracker at bbb.org/scamtracker.

Michelle Gleba is the Mid-Missouri regional director for Better Business Bureau.