Tag: smishing

When it comes to Pokemon Go, “if you wanna be the very best, like no one ever was, to catch Pokemon WAS your real test, but NOW to avoid scammers is your cause!”

Picking up on the popularity that is flooding the smartphones of consumers by storm, scammers are now taking advantage of these players’ vulnerability to “catch em’ all”. Enticing users with promises of coins and special features which could lead to intrusive malware, scammers are jeopardizing the safety of consumer’s personal and financial information.

In the past few months, North American users have been hit with thousands of SMiShing attacks, reported Adaptive Mobiles, an Irish mobile security firm. The scam texts promote a copy-cat site called pokemonpromo.com (which has since been taken offline), and claims to give users additional features if they refer 10 of their friends, which would continue the malware download cycle.

However, this is only one of a number of sites who are playing the same malware game. A number of scammers have also created a bunk version of the app that allows them to take control of the user’s phone. A number of users have been targeted through email as well.

In a report by the Better Business Bureau and Variety Magazine, “Users are advised that they have to upgrade to a paid version that will cost $12.99 per month. […] Your account will be frozen in 24 hours if you do not upgrade.”

We’re hoping that as the intrigue for the app dies down, scammers will back off on their schemes as well. Until then, here are a few tips from the BBB to help you catch em’ all before you get caught up in a scam:

  • Be wary of unexpected emails that contain links or attachments. Do not click on links or open files in unfamiliar emails.
  • Check the reply email address. One easy way to spot an email scam is to look at the reply email. The address should be on a company domain, such as jsmith@company.com.
  • Don’t believe what you see. Just because an email looks real, doesn’t mean it is. Scammers can fake anything from a company logo to the “Sent” email address.
  • Consider how the organization normally contacts you. If an organization normally reaches you by mail, be suspicious if you suddenly start receiving emails or text messages without ever opting-in to the new communications.
  • Be cautious of generic emails. Scammers try to cast a wide net by including little or no specific information in their fake emails. Be especially wary of messages you have not subscribed to or companies you have never done business with in the past.

If you or someone you know has been a victim, or has experienced any of these scams, please share and report them to the BBB Scam Tracker or FCC.

Read Full Article

Election season is in full swing, and whether you’re on Team Hillary, Team Trump, or opting out of voting, you’ve realized there’s no escaping the debate. Who is the more qualified candidate? Who will win the election? Presidential campaigns and political opinions will keep flooding you every which way.

Easy solution: Turn off all connection to the media!

In real life: Turn off the tv and miss the latest episode of The Bachelor?! No way! Avoid the internet?! I will not live under a rock! Don’t even get me started with my phone! Aren’t these annoying calls against the law!?

Yes, your phone. How could we ignore the annoying unwanted calls infiltrating your handheld and land line devices?

According to the CTIA, “Telemarketers may not call during certain hours, and they may not use auto dialers and recorded messages to call numbers which will result in charges to the consumer. There are, of course, some exemptions to the TCPA. These exceptions permit businesses to make calls to customers with whom there is an established relationship, as well as calls made on behalf of a non-profit organization, or for non-commercial purposes, which allows pollsters and political campaigns to make such calls.”

There you have it. Scammers have found a loophole (granted, there’s never really been anything that could stop them). As the presidential elections are heating up, there are a number of political campaign scams that you should be aware of:

Re-register Scam
You may not have voted last election, but that doesn’t mean your name has been taken off the list. Scammers are using this tactic to weasel their way into getting your personal information such as your address, email and even your social security number. Remember, never give out personal or financial information over the phone, especially if you have not confirmed who is calling you. To make sure that you are still a registered voter, it’s best that you contact your Board of Elections who will have voter registrations on file.

Campaign Fund Donations
When telemarketers and robocalls are constantly asking you for donations, your immediate reaction is to hang-up. Election season is no exception to this rule. When you receive an unexpected call asking you for money, you are naturally skeptical. Use this same caution when you receive a call claiming to be a political party representative or an election committee member. Even better, if the caller says they’re Hillary or Trump, this is a major red flag. However, some of these calls are legitimate. So, before you sign a check to show your support, it’s important to get the caller’s contact information and confirm the organization or campaign you are supporting so you can donate directly to a viable source.

Verifying voter registration
Just like the re-register scam, scammers are also tricking victims into giving out their personal information in order to verify their voter registration. Their claim is by verifying one’s registration, the voting process will be that much easier.

Election Survey Scam
Who doesn’t want to win a prize, right? Guaranteed, the cost of your personal information isn’t worth it. Scammers know enticing consumers with an incentive like free trips or gift cards is an easy way to make their next victim putty in their hands. While claiming to be conducting a survey on behalf of a political party, scammers will refer to a controversial headline in the news to show credibility. Then, they let you know you’ve won after you provide your credit card number to pay for shipping, taxes, or handling of the “prize.” Be aware that official polling companies will never offer prizes for participating in a survey. They will also never ask for personal or financial information.

Show support and vote by phone or text
Lastly, you may have received text messages similar to these:

Or you may have received calls asking you to vote by phone or text message. These are huge red flags! Despite how advanced technology has become over the years, we still cannot vote via a phone call or text message. If you receive a call requesting you to vote, hang up immediately. Votes can only be cast through mail or in person.

So, the next time you feel like you’re being targeted by the election scam, play it safe. Hang up the phone and do your research on how you can legitimately vote, donate or show support for either presidential candidate.

Read Full Article

As seasons change, so do scammer SMiShing targets. From summer to autumn, we’re seeing a new wave of scams that are affecting trendier companies, such as Uber, while other scammers are seizing the opportunity to use the political season to their advantage!

Bank scams reign king

Per usual, bank scams reign king and are flooding phones from the U.S. to as far as Australia. Bank of America customers in the U.S. are receiving authorization codes to make online payments, while international banks in the U.K. (Natwest Bank) and Australia (Commonwealth Bank) are using scare tactics and notifying customers that their accounts have been compromised and locked. As always, HMRC SMiShing in the U.K. won’t give the IRS scam a rest as they provide links for consumers to click to redeem their refunds. 


To warn and keep their customers safe from scammers HMRC is sending the following:


Targeting Apple craze

With all the hype of Apple’s unveiling of the iPhone 7 and iOS 10 update, to the iPhone users in the U.K., don’t be caught off guard. Spam texts are still being sent regarding blocked Apple-ID’s due to failed log-in attempts. The more recent Apple scam is a text to your iPhone regarding your lost iPhone being found from Find My iPhone (doesn’t make sense right?!).


Requesting Personal and Financial Information

It just never ends for the U.K. The Driver and Vehicle Licensing Agency (DVLA) also became a victim as their name was used in a number of emails, texts and telephone calls asking citizens to confirm personal or financial information.

The DVLA warned the public of the scams with the following:

“We don’t send emails or text messages with links to websites asking you to confirm your personal details or payment information. We strongly advise anyone who receives such a request not to open the link and delete the item.”



“I booked a trip where?”

As for apps and social sites, their popularity has placed them on the scammer radar hit list. If you’re an avid Uber user, you may receive pre-arranged Uber trips that you don’t even remember booking. If so, IGNORE IT!


Political Campaign Bandwagon

Lastly, it’s not a surprise if you’re receiving text messages from Hillary Clinton or Donald Trump. Whether they are spam texts bashing one another or a message for self promotion, a number of consumers have questioned how they even got on either candidate’s list! Just know it’s the political season and it’s only the beginning.



Read Full Article

Robocalls are getting center stage these days, but as they get more and more attention, are you aware that there are different types of unwanted calls, and all these types of calls aren’t necessarily from robots?

Just like apples, that come in a variety of types such as Granny Smith, Red Delicious, Honeycrisp, and Pink Ladies, phone scammers are tricking you with a variety of ways to steal your identity or personal information.

Now’s the time to test your phone scam knowledge. How many of these phone tactics can you pinpoint as a type of phone scam? Good luck!

Unwanted Scam 1:
It’s three months after tax season, and you’ve just received a call informing you that there is a warrant out for your arrest due to your involvement with tax fraud. If you do not want drastic measures to be executed, they tell you that you must call the IRS back at the following number.

a) Bobbing
b) Phishing
c) Wading
d) Floating


Phishing: When you receive a fraudulent message that tricks you into believing it’s from a legitimate establishment (bank, IRS, phone company etc.), that is called phishing. Scammers will give you phone numbers to call that will try to acquire your personal information and steal your identity.

Unwanted Scam 2:
You receive a text message that states your bank account has been compromised and your account has been suspended. The only way to reactivate your account is to click on a link to verify your personal information.

a) SMiShing
c) Bumping
d) Crashing


SMiShing (SMS phishing): When a scammer sends a text message that tries to trick you into clicking a link. The link then downloads a virus or other malware onto your mobile device. These scams try to look like legitimate alerts from your bank, however, it’s a scam to steal money from your account.

Unwanted Scam 3:
You get a call but you don’t recognize the number. However, they do have a local area code so it must be someone from your area, right?

a) Spelunking
b) Sketching
c) Kerplunking
d) Spoofing


Caller ID Spoofing: When a caller disguises themselves, by name or number (or both!), by transmitting information to your caller ID display. This tactic is often used to trick consumers into giving away personal information so it can be used in fraudulent activity or sold illegally.

Unwanted Scam 4:
Your phone rings and when you pick up, you hear an automated recording alerting you that your credit card has had fraudulent activity. The automated messaged then instructs you to enter your credit card number on the key pad to confirm your account.

a) Frying
b) Crabbing
c) Vishing
d) Curling


Vishing (Voice phishing): When a scammer steals a consumer’s personal information or money using the telephone network. They claim to be from a legitimate company and request your personal information to resolve the so-called financial issue.

So, how’d you do? Whether you got them all right on your first try, or maybe just one or two, we hope that seeing and hearing these real-life examples will help keep you safe the next time a scammer comes to call.

Read Full Article

The world around us changes constantly and so do our efforts in protecting our users from unwanted calls and text messages. As cyber criminals are constantly looking for ways to make money, calls and text messages have become their new weapon of choice. Phone scammers now have more tools than just 10 years ago: there are currently over 2 billion smartphone users worldwide, calls cost almost nothing from anywhere in the world and a variety of information is stored online.
In a world where everything is connected and just a tap away, fraudsters are not limited to phone calls in their efforts of stealing people’s personal information. They now also use text messages and a tactic called smishing, short for “SMS phishing”.

What is Smishing?

Users targeted by a smishing attack will receive a text message from a seemingly reputable sender with a link to a website. Once the user clicks on the link, they are taken to a phishing website. Phishing websites often impersonate financial institutions and are designed to look exactly like the website of an actual bank. If a user enters log-in data on the fake website, the fraudsters behind it are able to automatically capture that information. A closer look at the URL details will sometimes reveal whether a website is fake or not. However, fraudsters know that it’s hard to judge if a site is legit when you’re on a small smartphone screen.

Smishing campaigns usually target large, trustworthy financial institutions to leverage that trust against individuals. Some of the most recent attacks targeted Bank of America, Wells Fargo and Discover Card clients. Fraudsters are known to cast a wide and indiscriminate net, which is why some people get bogus notifications encouraging them to activate credit cards they’ve never applied for, as seen in the image below.

What You Can Do to Protect Yourself From Smishing

We at Hiya are here to help protect you. Our mission is to provide a better phone experience and keep users safe from dangerous scams and spam. Our Reputation and Data team is focused on tracking threat patterns to better identify and forecast rising threats, giving you a high level of protection.
One way to prevent fraudsters from getting to you is by downloading our Hiya app for Android and iPhone. Hiya doesn’t just tell you who’s calling or texting. It also warns you when potential spammers or scammers are on the other end of the line. You can set your own blocking preferences or let Hiya automatically block all spam and scam calls. If you do get an unwanted call, you have the option to report it to the Hiya community. That way, you help keep scam artists from reaching others. We also offer a reverse phone lookup feature. Simply type in any phone number to view the reports of suspicious activity.
Don’t let cyber criminals trick you into sharing sensitive information on a phishing website. Let Hiya unmask the fraudsters for you.

Read Full Article

It may be summer, and most of us are enjoying the sunny weather with a little rest and relaxation, but unfortunately, it doesn’t mean scammers are taking a break.

This month, we have confirmed that SMiShing attacks from a number of banks in North America are not slowing down. U.S. customers are still receiving spam texts from Bank of America while Canadian Bank of Imperial Commerce (CIBC) attacks are not letting up either.

And if you thought that the United Kingdom is getting a break, think again. As annoying as it was in June, Apple customers in the U.K. are still being flooded with information verification spam texts amongst their Apple ID and iTunes accounts.

Unfortunately, the IRS scam isn’t just a U.S. issue either. Months after most of us have filed our taxes, text message attacks from HM Revenue & Customs in the U.K. are not targeting customers over unpaid taxes, but now it’s all about them overpaying. Scammers are providing messages that include a “link” where customers can receive their tax rebate at a click of a button.

Lastly, the newest and most recent scams that have been brought to our attention are for Amazon and WhatsApp. Amazon customers are receiving a number of text messages of order delivery dates that they never made, and WhatsApp users are being alerted with the need for information verification to renew expiring subscriptions.

Keep an eye out on a number of these scams, and if you have a scam that you’ve been targeted with, share and send your screenshots to social at hiya.com.
JulyScam-BOAJulySpam - CIBCJulySpam - AppleJulyScam - HMRCJulySpam - AmazonJulyScam - WhatsApp

Read Full Article

Being a victim of a phone scam is never fun, and here at Hiya we’re doing our best to protect and prevent you from being a scammer’s next victim. In our monthly round up of the “Worst Phone Scams of the Month,” we’ll keep you posted on the latest scams that are affecting fellow smartphone users, by informing you about the latest trends in phone fraud and text messaging attacks.

This past month, we have confirmed a number of SMiShing attacks in the U.S for Bank of America while text messages for Scotiabank and Canadian Bank of Imperial Commerce (CIBC) are affecting our neighbors to the North.

As for AT&T and Apple customers, there is an increase of SMiShing in the United Kingdom amongst Apple ID, iCloud ID, and iTunes accounts. Messages will warn customers that their accounts have either been deactivated or suspended, or have had too many unsuccessful login attempts, and to verify their information through a link.

Lastly, despite tax season being over, scammers are making their way internationally through text message attacks from HM Revenue & Customs in the United Kingdom. Luckily, HMRC has caught on and has notified their customers that they “will never ask for personal/payment information by text or email”.


Below is our monthly Smishing sampling for you to keep an eye on:

Apple4Apple3 Apple2 Apple1 BOA2 BOA1 CIBC1 HMRC3 HMRC2 HMRC1



Read Full Article