Scams aren’t new, having been around for a long time, with some well-known ones occurring back in the 1800s. But phishing scams are a bit more recent, because they’re based on the use of electronic communication. Because one of the best ways to defeat a confidence scheme (such as phishing), is to be able to recognize it, fraudsters are constantly thinking up new scams to confuse and trick potential victims. But before we go over a new scam, let’s discuss what phishing is.
The Phishing Process
Phishing refers to the use of an unsolicited and seemingly legitimate electronic communication to entice a victim to reveal confidential information. But the reality is that the communication is not what it claims to be. A common early phishing scheme involved an official-looking email from a bank or other financial institution claiming there had been a possible data breach. The email asked the victim to click on the included link and “sign in” to their online account to confirm everything was ok. But the link didn’t go to the financial institution’s website, and instead went to the scammer’s website, which collected the online login information.
In the early days of phishing, these unsolicited contacts were usually made by email. But with the ubiquity of social media and smartphones, scammers are using other means of communication, such as social media and text messaging. Below we discuss one of the newer phishing scams out there.
Data Breach Phishing Scam
Phishing is usually a “quantity over quality” scheme, where the scammer will send out thousands or millions of “casting” attempts in the hopes that a small percentage will take the bait. This means that the phishing attempts are usually generic with little to no identifying information about the victim. But due to the high number of data breaches that have taken place over just the last few years, phishing attempts are now harder to spot.
Instead of using stolen personal information to simply steal someone’s identity, a phishing scammer may try using the personal information in the phishing email or text message to come across as more believable. It’s one thing to get a random text message asking you to sign in to your bank account. But when that text message has your login name, birthday and last four digits of your Social Security number, it will come across as far more believable. Which phishing attempt do you think will get more bites?
What to Do If Someone Tries to Phish You
The first thing you need to do is not click on any of the links or provide any of your personal or private information. Keep in mind that the IRS will rarely ask for personal or financial information through electronic communications, such as emails, text messages and social media.
The next thing to do is report the phishing attempt. You can do this by sending the email to the IRS at [email protected] or by contacting the Tax Inspector General for Tax Administration.