Tag Archives: phishing

Phishing tactics are evolving – here’s how to identify spoofs and scams

3-bottom, Citizen Journalism, Crime Prevention, Hard News, How-To's, Tech Trends, , , , , , , ,
Like a thief with a mask, phishers hide behind falsified identities of well-known companies (Courtesy, Mohamed Hassan/pxhere.com)


By Koy Flores

WKTV Contributor

deborah@wktv.org


The internet has forever altered the flow of information on a global scale. We can pay homage to our ancestors who sent messages in bottles and men on camelbacks, but digital communication has changed the way humans interact for good.

That is not to say the evolution of the internet has been consistently humanitarian because, like a thief with a mask, phishers hide behind falsified identities of companies you know.

The evolution of phishing

Consumers Energy recently alerted customers to be on guard against a new scam threatening service shut off unless immediate payment is made. Through email and phone calls, scammers are spoofing company phone numbers and telling customers they need to pay a balance immediately, insisting payment be made via prepaid debit cards or gift cards.

“We know most people are careful not to give their money and personal information to strangers, but we want to make sure they’re alert of these criminals who are persistent and determined to con people out of their earnings,” said Jim Beechey, Consumers Energy’s Vice President of Information Technology and Security.

Scammers stay on top of the latest products, trends and technologies in order to steal money and/or confidential information (Courtesy, pxhere.com)

Everyone with a telephone or email address has likely been contacted by a phisher at some point. The scary part is, through the use of data breaches and social media stalking, many of these fraudulent messages actually contain true information. One key to recognizing a phishing attempt is the use of out-of-date information (ex: use a maiden name or an address from five years ago).

“These fraudsters are great at staying on top of the latest products, trends and technologies in order to find a way to steal money, confidential financial information or both,” said Nakia Mills, Vice President of Digital Marketing and Brand Strategy for Better Business Bureau (BBB) of Michigan.

According to BBB’s Scam Tracker Risk Report, the top ten riskiest scam types are:

  • Investment/Cryptocurrency 
  • Employment
  • Romance/Friendship
  • Online Purchase
  • Home Improvement
  • Phishing/Social Engineering
  • Advance Fee Loan
  • Travel/Vacation/Timeshare
  • Government Grant
  • Tech Support

What is phishing and spoofing?

Phishing is defined as the fraudulent practice of sending emails and messages purporting to be from reputable companies to trick people into revealing their personal information, such as passwords and credit card numbers.

Spoofing is defined as someone disguising an email address, sender name, phone number or website URL – often by changing just one letter, symbol or number – to convince victims that they are interacting with a trusted source.

Encountering spoofing and phishing schemes are common in this digital age (Courtesy, pxhere.com)

Phishing schemes will use spoofing techniques to falsify aliases and manipulate unsuspecting customers into giving criminals personal or sensitive information. (fbi.gov)

Warning signs to avoid digital scams

Mills said a recurring tactic of scammers is “relying on the person being targeted to act quickly without thinking or checking facts.”

According to Mills, the top five scam warning signs to watch for when interacting with someone virtually are:

  • Offers that appear too good to be true (tickets that are hard to acquire or a holiday toy that is not in stores) 
  • Someone forcing you to make a quick decision without time to do research or talk about it with others
  • Meeting someone online who consistently has an excuse not to meet in person or via videochat
  • A request to send money in order to receive money. This includes fake employment, fake government grants, scholarships, etc.
  • Insistence on payment in a specific way, especially via a gift card, money order or payment app

When asked about the damage these cons have inflicted on victims and their families, Consumers Energy Spokesperson Brian Wheeler stated that they do not have a metric for how many people have made payments to scammers, but that hundreds of people have been contacted by a spoofer of Consumers Energy.

Different types of scams

Scammers coming to a residence purporting to be a legitimate company official or contractor is a bold ploy used often. Both DTE and Consumers Energy state they will usually notify customers in advance of any such visit, whether through letters, emails or phone calls – but not always.

Beechey recommended asking to see identification badges before allowing contractors into your home. If doubts persist, call the official customer helpline telephone number of the “company” at your door. If they refuse to show identification or become agitated, DTE recommends locking the door and dialing 911.
 

Legitimate websites can be impersonated as part of a scammer’s scheme (Courtesy, U.S. Army)

Also be aware of trickier phone scams.

BBB released an article in 2024 (“Can you hear me?”) informing the public of a quick phone scam that involved callers asking, “Can you hear me?” several times. The goal was to trick people into saying “yes” so the caller could edit the audio and use the victim’s voice to confirm big purchases.

These scams may also be geared toward banking, vacation packages, warranties and even Medicare cards.

Scammers may also contact family members for “verification” of information or may utilize coercion in an attempt to obtain sensitive information. If this happens, BBB recommends hanging up the phone and notifying that family member immediately. (BBB Scam Alert)

“In addition to posing as government officials,” said Mills, “our most recent BBB Scam Tracker report found that the most impersonated organizations were Publishers Clearing House, [the] U.S. Postal Service, PayPal, Amazon and Spectrum.”

Take action

If you receive malicious looking emails, the BBB says to avoid clicking on links or replying. Instead, report it to your local BBB.

Be sure to report scams and scam attempts to prevent others from becoming victims (Courtesy, pxhere.com)

If you made a payment to Consumers Energy and think you are a victim of a scam, call 800-477-5050. Those who did not make a payment but believe they are a victim of a scam must file a police report with local law enforcement.

Visit BBB: Scam Tracker to look up and/or report potential scams.

Michigan launches free app designed to protect mobile devices from threats

3-bottom, City of Kentwood, City of Wyoming, , , , ,
Now available to download for free is the Michigan Secure app. (WKTV)

By Joanne Bailey-Boorsma
joanne@wktv.org

There are no bells or whistles or even alarms; just a simple text message to your phone as you walk into the store: “CAUTION: The Unknown network you are connected to is not encrypted. Please avoid any private or confidential transactions unless using secure Websites…”

The message comes from a free app, called Michigan Secure, which is designed to help Michigan residents navigate an increasingly technology-based world.

“Much of the activity that people do is online,” said the state’s Director of Communications Caleb Buhs. “Students taking classes to people making purchases.”

With the growing use of technology comes a high risk of people’s personal information getting stolen through threats, such as unsecured internet access, that most people don’t even realize are out there.

“It is designed to make people aware,” Buhs said. “If you are at the gym and suddenly decide to make a purchase for new equipment or clothing, the alert will come up that the internet is not secure. Maybe that is not the time to make that purchase.”

Developed by the Michigan’s Department of Technology, Management and Budget, the department in charge of keeping highly sensitive public information protected, the project was started two years ago because of the increase in cybersecurity crimes against both individuals and companies.

 

Many are familiar with the SolarWinds data breach, one of the largest data hacks in U.S. history, that resulted in more than 18,000 computer networks being sabotaged. There are also the everyday reminders of not to open emails from the IRS or Social Security as neither would contact people in such a way. According to Pew Research, more than 60 percent of Ameicans have personally experienced a major data breach. The cost of the average data breach to a U.S. company is around $8 million.

Buhs said with the recent pandemic, which forced many into remote work and classrooms, the risk of cyber attacks become even higher. In fact, because of the growing use of technology by municipalities and schools, institutions are facing more malicious cyber attacks. Just this March, a cyber attack on Microsoft focused on vulnerabilities in its exchange service, email software, and calendar resulting in 30,000 organizations getting hacked. More recently, college students across the nation are being warned about a phishing attack to steal students personal information to file false tax claims.

The message that appears when your phone connects to an unsecured Wi-Fi network. (WKTV)

The Michigan Secure app is designed to detect phishing risks by checking links. It also will alert a user to an unsecured Wi-Fi network, check apps before they are downloaded, and when a system has been tampered with. Michigan Secure even has a database of potential threat indicators to notify individuals of activity on their phone that matches a documented threat. Everything is designed for the user to determine what they want and do not want to use.

The Michigan Secure app is a free download from App Store or Google Play. The app runs on devices with iOS 11 or higher, Android 6.0 or higher and Chromebooks with Android App Support. 

“While the security of our mobile devices is critical, it is also important to respect people’s privacy,” DTMB Director and State Chief Information Officer Brom Stibitz said. “Michigan Secure does not require anyone to share their personal information or mobile data. It exists for the sole purpose of detecting threats and notifying the user.”

The Michigan Secure app does not collect, store, or monitor the personal information of users that download it. The app’s code and privacy configuration settings have received the approval of the American Civil Liberties Union for the way it protects individual privacy.

Within only a few days of release, which was earlier this year, the app had more than 1,000 downloads and interest continues to build. Buhs said he believes Michigan is the first state to offer such an app with only the City of New York having something similar. 

For more information about the app, visit Michigan.gov/MichiganSecureApp. Visit the Michigan Cybersecurity website at Michigan.gov/Cybersecurity for information ranging from how to practice proper cyber “hygiene” to learning about what to do if you are a victim of a cybercrime.