LITS partners with our community to support inquiries and recommendations regarding Cybersecurity. October is National Cybersecurity Awareness Month (NCSAM), an initiative dedicated to raising awareness and spreading resources you need to stay safer and more secure online. LITS will be sharing tips and advice all month long to help you understand, secure, and maintain your digital profile.
People lose a lot of money to phone scams — sometimes their life savings. Scammers have figured out countless ways to cheat you out of your money over the phone. In some scams, they act friendly and helpful. In others, they might threaten or try to scare you. One thing you can count on is that a phone scammer will try to get your money or your personal information to commit identity theft. Don’t give it to them.
The US Federal Communications Commission, has well curated Cybersecurity resources on their website: fcc.gov/spoofing
How to Recognize a Phone Scam
Phone scams come in many forms, but they tend to make similar promises and threats, or ask you to pay certain ways. Here’s how to recognize a phone scam:
- There is no prize: The caller might say you were “selected” for an offer or that you’ve won a lottery. If you have to pay to get the prize, it's not a prize!
- Don’t trust your caller ID: Scammers can make a number show up on your caller ID- it's called spoofing.
- You won’t be arrested: Scammers might pretend to be law enforcement or a federal agency. They might say you’ll be arrested, fined, or deported if you don’t pay taxes or other debt right away. The goal is to scare you into paying. Real law enforcement and federal agencies won’t call and threaten you.
- You don’t need to decide now: Legitimate businesses will give you time to think their offer over and get written information about it before asking you to commit. Take your time and don’t get pressured into making a decision on the spot.
- There’s never a good reason to send cash or pay with a gift card: Scammers will often ask you to pay in a way that makes it hard for you to get your money back — by wiring money, putting money on a gift card, prepaid card or cash reload card, or using a money transfer app. Anyone who asks you to pay that way is a scammer.
- Government agencies aren’t calling to confirm your sensitive information: It’s never a good idea to give out sensitive information like your social security number to someone who calls you unexpectedly, even if they say they’re with the Social Security Administration or IRS.
For more information on this kind of cybercriminal behavior, including how to stop phone calls and what to do if you've fallen victim to a phone scam, visit https://www.consumer.ftc.gov/articles/0208-phone-scams .
When a scammer uses a text instead of an email, it’s another kind of phishing attack called a “smish,” short for SMS phish. Hackers exhaust all options in an effort to trick you. Some scams impersonate companies you already work with, like your bank, phone, or internet/ cable company to name a few. In early 2020 scammers impersonated Verizon for a wide range of smishing attacks leading people to a fake Verizon website.
But you don’t need to be caught unprepared - just like an email phishing scam, a smish will have some telltale signs. Here’s what to watch out for:
- The text is from a 5000 number: Be on the lookout for messages that contain the number "5000" or any number that is not a real phone number. This is a strategy where scammers have masked their identity so their location and identity are not traceable.
- You don’t recognize the number: If you don’t recognize the number, don’t respond. If it’s important, the person or company will use another way to reach you.
- A text that just doesn’t feel quite right: If your spidey sense is tingling that’s a good sign; don’t ignore it! Give the sender a call instead of replying to their text.
- If a text has urgency: Scammers try to scare you into responding immediately. If you get a text that is alarming, even from a company you recognize, don’t respond right away. Take a deep breath, look closely at the text, and then respond by calling the company who sent the message. Don’t use the phone number in the text, but the contact information listed on the company’s website.
- Includes attachments: Attachments from a friend or organization you recognize might even carry malware or a virus - don’t click or open them.
- Asking for personal information: Trustworthy companies never ask for personal information via text. Do not respond!
By now, you may be an old hand at working from home - you’ve taken over a closet, spare bedroom, or kitchen and made it your “office” away from the office; you’ve figured out where and when to work and set up (some) boundaries between work and personal life.
The only thing not going so well is that your cat is still walking on your keyboard. You may have also discovered that working from home can complicate security best practices, make it harder to share tips with colleagues, and more difficult to recognize and report potential incidents.
Continue cybersafe best practices
The rules and policies you followed at work still apply when you’re working at home. Following password best practices, handling personal data safely, watching out for social engineering scams like phishing, vishing, and smishing – they all matter.
Don’t hesitate to ask questions
If you’re worried about software updates or, the security of your home network, reach out to your manager or the LITS Help Desk at 413-538-2600 or helpdesk@mtholyoke.edu. We can’t help if you don’t ask.
Report any potential incidents immediately
Security or privacy incidents can happen anywhere, even at home. If you think an incident has happened, no matter how uncomfortable you may feel, make sure you report immediately to the LITS Help Desk.
Keep communicating
Continue to reach out to your coworkers and colleagues - stay connected to stay informed!
Cybercriminals know that the best time to turn a phish into a catch is when life gets overwhelming. The volume of fraudulent emails and text messages spiked by more than 667% during the early weeks of the pandemic. And, as long as COVID sticks around, scammers will try to use it to their advantage. Look for the warning signs of someone trying to manipulate you - obvious giveaways include:
- fake URLs
- pressuring you to act immediately
- urging you to click a hyperlink
- asking you to provide personal or financial information.
Remember that government agencies will never call you to ask for personal information or money.
Stay informed
Stay current with the latest information on COVID-19 without getting scammed: scammers have created hundreds of thousands of fake “COVID-19” phishing web sites. Make sure you visit only trusted websites such as the Center for Disease Control’s official site, or your local county or state health department web sites.
If you’re unsure about a web site, you can always use this Google tool to check that it’s safe.
Be skeptical
Cybercriminals try to grab our attention with COVID-19-related phishing emails on subjects like:
- Contact tracing - “Someone who came in contact with you tested positive or has shown symptoms of COVID-19. Officials recommend you self-isolate and get tested. Click Here for Names!!!"
- Relief funds - “The Financial Care Center is offering you $30,000 in COVID-19 relief. Claim HERE!!!"
- Cures - “Amazing COVID cure discovered. There’s hope! Sign-up for the trial NOW!!!"
Always be wary of emails and offers that are too good to be true.
Visit our Security and privacy page for more information on cybersecurity.
