Don’t take the bait when it comes to phishing!
In an increasingly digital world where we both communicate and conduct more and more of our business online – buying tickets, banking, shopping – consumers need to be on their toes when it comes to scammers.
Traditionally fraudsters came to your door under the guise of looking for work or selling an item in order to case the property out to see if there was anything of value or waiting to seize an opportunity to get inside and find cash or jewellery.
That still happens, sadly all too often in rural areas, but most con artists have moved online where they are faceless and, with the use of technology, hunt their prey at all times of the day and night.
The scams seem to be getting more and more sophisticated with fraudsters trawling Facebook and social media accounts to learn personal information about their targets and their associates or friends.
One such email landed into the editor’s inbox on Monday and initially seemed convincing. For a start it was from a recognised sender.
It read: ‘Hello, sorry to bother you, are you less busy?’
As I knew a number of senders by the same name, the first reply asked the sender to identify themselves further.
The reply quickly came confirming the person was a business associate and we were both involved in the same local club.
It continued: ‘I'm in a meeting now with no calls, the best way to reach me now is email. I have a task I need you to help me carry out discreetly now.’
This seemed out of character and I began to grow suspicious. A closer look at the email address showed it appeared to come from a randomly generated gmail address and not the email account on which I would normally communicate with this person.
Scam! But the journalist in me was intrigued – where was the scammer going with this and could anybody possibly be daft enough to fall for it?
I asked my new email friend what he needed me to do and simultaneously texted the person this scammer was posing as to ask him was he, in fact, emailing me from a meeting. That text response came quickly – no, he said, ignore it!
But the next email quickly flew into the inbox asking me to buy gift cards to surprise “our diligent staff” and, best of all, there was one for me too!
I went back and said it was most generous of him and asked how I could help?
And then came the big ask.
My scammer asked me to go to a local shop (he called it a store) and buy four Apple iTunes gift cards to the value of €100 each. He then asked me to scratch the silver panel at the back and take a clear picture of each card and email them to him so he could send them to each staff member.
He promised to reimburse me when he was out of the meeting and asked me to keep the physical cards and receipt.
Of course, by sending the code on the back, anyone could quickly use it to shop in the Apple store online and the physical cards in my possession would then be worthless and my money lost.
At that stage I was inclined to ignore him but my colleagues in the office were enjoying the exchange and suggested further replies.
‘Well, there are eight on the committee? Should I not get eight?’ I was prompted to ask.
No, just get four, he replied and urged me to get them quickly.
About 10 minutes later, I went back again: ‘I have them and the receipt but does scratching the panel at the back not make them null and void? I am near your offices or clubhouse now and I can drop them off to you. See you soon!’
He replied again, saying he was in a meeting, and urging me to scratch the panel and send the pictures.
Almost another 10 minutes later, I mailed him to say: ‘I am just outside your offices, I can see you through the window. I will leave them with reception. Chat to you at the committee meeting later.’
I haven’t heard another word since.
Do people really fall for that? Well, clearly they must or it wouldn’t be worth the fraudster’s time doing this. And, if they are lucky enough to hit upon a few coincidences in their story, somebody could be forgiven for buying into the scam – particularly if they weren’t familiar with how the codes on the cards can be used.
This type of crime is known as phishing. It’s a cyber crime that targets people by email, phone or text message by someone posing to be a legitimate institution or person to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details or passwords. Or in my case, Apple iTunes gift cards and the codes for same.
In very sophisticated cases, these type of scams can even result in identity theft.
These scammers have come a long way from those Nigerian Prince emails we all remember.
A text message to my phone a few days ago from an Irish mobile number said ‘mam, I have lost my phone and am using his number temporarily’.
I asked which of the children was this – no reply – but I know of a woman who replied ‘is this Áine?’ and after a text conversation that involved a lost phone and wallet, she very nearly ended up transferring money before growing suspicious.
People need to be wary of these type of scams. They appear too good to be true – in my case I was getting a €100 Apple iTunes voucher. Don’t click on links in any suspicious emails.
There is often a sense of urgency in the messages – in my case, the sender was in a meeting, needed help and was under pressure to get this arranged quickly.
Reputable institutions will not ask you to give sensitive information digitally and would never suspend your account without proper notice. When in doubt, visit the source directly rather than clicking on a link, or contact them by phone. Similarly, don’t open any attachments.
If anything seems out of the ordinary, unexpected, out of character or suspicious, don’t click on it.
Most fishermen cast several lines before getting a bite – it’s the same with phishing but the lure of the big catch is what keeps them going. Don’t take the bait. If it’s too good to be true, then it usually is!