Sometimes it’s just way too hard to choose only one topic for my weekly writing adventure. This week there are two things that both seem to need urgent attention, so the Moneywise Tip is going to be a twofer.
First up, September 4 is the last day for students to purchase the Penn State Student Health Insurance Policy (SHIP) for fall semester. And while you are young and healthy it’s easy to think you can get away with not having insurance. But you really shouldn’t. One broken bone. One bad case of the flu. One inflamed appendix. Any one of these can happen at any time, and without health insurance it can easily set you on the path to a lifetime of medical debt. You can read more about that here. But know that the choice to skip insurance is a game of Russian roulette you really shouldn’t play.
And for the second topic of the day, a student came to me last week to discuss something that scared both of us. She came in to say, “I came to give you the information you called me about this morning.” She went on to tell me that she had received a phone call from me asking for her birthdate and Social Security number for a student job she was applying for. One big problem: I hadn’t called her. The caller had used my name, but I didn’t place the call. It was a scammer. The reality is, anyone with access to the internet would be able to figure out that she is a student at Penn State Law, and I am the Financial Aid Director at Penn State Law. I’m actually kind of stunned that someone would do this level of research to try to run a phone phishing scam. But it happened. So how do you protect yourself against this kind of thing? My rule of thumb is that I never give out personal information on a phone call that I did not initiate. No date of birth. No Social Security numbers. No credit card numbers. If I didn’t place the call, no one is getting that kind of info out of me over the phone. Period. And thankfully, this student was smart and didn’t share that info on the phone, even though she thought it was me on the other end of the phone. WHEW! (Just so you know—I would never ask for that kind of info on the phone. I would always ask for you to bring physical documentation of these things.) Scammers are still everywhere, so make sure to protect yourself!
This afternoon I received a text message from my sister. We use the same credit union for our banking and she and her husband had just received the same text, supposedly from this credit union, notifying her of an “alert” on her account. My sister is smart. She was suspicious of this text. She sent me a text message to see if I had received anything similar. I had not. Then I checked my account online to see if there were any alerts there. Still nothing. So then my sister called the credit union directly….not at the number that came in the text, but instead on a number she found on the credit union’s web site. My sister’s suspicions were confirmed. This was a phishing scam.
Crooks have gotten pretty clever with their attempts at identity theft. Phishing scams are everywhere. It could be a text from “your bank.” Or an email from “your student loan servicer.” A phone call from “Microsoft.” A phone call from “the IRS.” It’s everywhere. Protect yourself. Be suspicious. Never just click on the link in the text or email. Find a genuine phone number for follow up. Never give out your personal information on a phone call that you didn’t make. Never let someone who called you have remote access to your computer. Be smart. Be suspicious. Don’t be scammed.
I really haven’t paid attention to the idea of scammers for a while. Phishing. Smishing. Phone scams. Everybody knows about that, right? Do we have to still think about it? Apparently the answer is yes.
I have elderly parents. And last week they received a phone call from someone claiming to be from Microsoft. The man on the phone said he knew that my folks had been having trouble with their computer and he wanted to help. My father, who always struggles with his computer (I blame Windows 8), was ready to listen. Luckily my father never gave out his credit card information (which is how this scam usually ends), but he did direct his computer to several websites. I haven’t been able to get to their house to examine the damage yet, but I’m fairly certain that viruses and malware have been released. I have my folks carefully checking their credit card activity every day to watch for fraudulent charges, as I know they have used their card for online purchases and that number is likely stored in their computer’s memory somewhere.
So fraud is out there. I guess it always will be. How do you protect yourself against it?
Here are some things you SHOULD do:
- Check your banking/credit card statements regularly to make sure every transaction is one you remember making.
- Check your credit report at least once a year (http://www.annualcreditreport.com).
- Change your online passwords regularly—to something complicated that includes letters, numbers, and symbols.
Here are some things you SHOULD NEVER do:
- Give your credit card number out on a telephone call that you did not initiate
- Click on a link in an email or text from someone you don’t know/trust
- Email sensitive information such as your Social Security number
- Call back the number of a missed call from someone you don’t know who did not leave a message identifying themselves
- Wire money to a stranger (yes….people still do this!!!)
I could probably go on and on. But instead I’ll leave you with this helpful information from the Federal Trade Commission.
Watch yourself! Scammers are still out there, and likely always will be.
I recently came across this article about how a scammer posing as Sallie Mae was trying to steal private information by claiming the federal government was offering student loan forgiveness during the government shutdown. This reminded me that phishing is alive and well in the world, and is something we should all be thinking about.
Imagine it’s 1996. You are enjoying the Internet through America Online when an instant message pops up. Someone masquerading as an AOL employee asks you to verify your password. This was the birth of the Internet scam called phishing.
From its early start as attempted AOL password harvesting (thus the “ph” replacing the “f” in the word fishing) scam, phishing has evolved into the practice of sending out e-mails that appear to be from banks or other reputable organizations with the intent of luring the recipient to reveal sensitive information such as Social Security number, usernames, passwords, credit card information or bank account details.
The scam artists who run phishing schemes are quite clever. They have made an art form out of creating e-mails and web sites so like those of the organizations they are impersonating that it can be near impossible to tell the difference. Usually they are asking for the intended victim to “update” or “validate” their account information. Often they will try to incite fear with threats such as “your account will be canceled” if you don’t provide the requested information. The phishing e-mail then provides a link to a web site where the intended victim will be asked to provide the private information the phisher seeks.
You can learn to identify phishing scams by looking for these clues:
- Watch for address spoofs. The original e-mail may appear to be from a legitimate address, such as eBay.com, but this is really just concealing the scammer’s actual address. The enclosed link will lead to a look-alike web site at a similar but fake address such as eBayverifysite.com.
- Phishing e-mails almost always link to a web site that is not secure. It’s very simple for you to tell the difference between a secure and a non-secure site. A secure site will always start with “https://”. A non-secure site lacks the “s” for secure and will start with “http://.”
- A genuine e-mail from a financial institution you work with will likely include your name or a partial account number. A phishing e-mail will likely start with a more generic “Dear Customer.”
- Phishing e-mails almost always use scare tactics such as threat of account cancellation.
You can further protect yourself from phishing by doing the following:
- If you get an e-mail asking for personal information, do not click on the link in the message. If you are concerned that it may be a legitimate request from a company you work with, you should go to that company’s web site directly to confirm your account information there.
- Do not e-mail personal or financial information. E-mail is not secure, so you should only send confidential information through secure sites.
- Regularly review your bank account and credit card statements to ensure that all transactions were initiated by you.
- Install anti-virus software on your computer and keep it updated. Some phishing e-mails will contain software to track your Internet activities without your knowledge. Anti-virus software and firewalls can protect you from this.
- Always be cautious about opening attachments in e-mails—even from people you know.
- If you receive an e-mail you are certain is phishing, you should report it to the Anti-Phishing Working Group at http://www.antiphishing.org.
If you have given out personal information, here is what you should do to limit the damage:
- Report the theft of your information to the holder of your account as soon as possible. This will limit your liability.
- Cancel the account and open a new one as soon as possible.
- Monitor the stolen account for fraudulent use.
- If you have downloaded a virus, you should install or update anti-virus software and run a full scan.
- If you have given out personal identification information such as your Social Security number, you could be a target for identity theft. You should contact the three major credit reporting agencies (Experian, Equifax and TransUnion) to place a fraud alert and a victim’s statement in your file. You should regularly monitor your credit reports to watch for any fraudulent activity.
The Internet is a powerful tool. It has drastically changed the way we do just about everything. But the Internet is also a dangerous place. It is important for us to keep this at the forefront of our minds and exercise caution in your Internet use.