Phishing Threats
Phishing attempts are on the rise, and it is important to familiarize yourself with the different attempts in effort to protect private and sensitive information.
PhishingPhishing is the practice of sending fraudulent communications that appear to come from a legitimate and reputable source, usually through email and text messaging. The attacker's goal is to steal money, gain access to sensitive data and login information, or to install malware on the victim's device.
Smishing
Smishing is a cyber-attack that targets individuals through SMS (Short Message Service) or text messages. In a smishing attack, cybercriminals send deceptive text messages to lure victims into sharing personal or financial information, clicking on malicious links, or downloading harmful software or applications.
Vishing
Vishing, short for voice phishing, refers to fraudulent phone calls or voice messages designed to trick victims into providing sensitive information, like login credentials, credit card numbers, or bank details. These details can then be exploited for criminal activities such as fraud, identity theft, or financial theft.
How Does a Smishing Attack Work?
- You receive a text message, possibly from a spoofed number that makes it seem as though it's coming from a legitimate business or individual, perhaps even one you're familiar with, such as your bank .
- The message describes an urgent issue with one of your accounts, asking you to verify information to resolve it.
- You respond either by clicking on a link, calling a phone number provided, or handing over credentials to clear up the error.
- You could be directed to a phony website or call center that seems legitimate and be prompted to provide sensitive information or download some type of malware.
- If you download the malware, you've granted the attacker access to your device. Any personal information you provide can be used to steal your identity and login to your accounts.
The information cybercriminals are after in smishing attacks includes:
- Social Security numbers
- Credit or debit card numbers
- Home Addresses, specifically zip codes, which allows use of your card if they already have the number.
- Login information
- Device and network information
How To Prevent Smishing
Smishing prevention for individuals includes:- Be cautious of unknown texts using grammatically incorrect language
- Avoid clicking on links within text messages
- Do not respond to texts appearing to be from a financial institution asking you to update your account information or provide personal information
- If you get a message that looks to be from a bank or a company with whom you do business with, call the business directly from the phone number found on their website, not the phone number provided in the text
- Never click a link or call the phone number provided in a message if you're unsure whom it's from
If you suspect you have been a target of a phishing attempt that uses IBC Bank's name and received a suspicious email or text message, DO NOT reply. Instead, forward the content to reportscams@ibc.com DO NOT forward any personal account information.
If you have any fraudulent activity on your IBC account or provided personal information to a phishing attempt, please call or visit your local IBC Branch immediately. If you need assistance in forwarding a suspicious email or text, please call or visit your local IBC Branch for help.Other ways to report phishing:
Check with your local carrier for other methods to block and report suspicious text or phone calls. You can also forward a suspicious text message to the Anti-Phishing Working Group at reportphishing@apwg.org or report it to the FTC. Go to the Federal Trade Commission or IdentityTheft.gov to learn more.
Remember, It is not IBC Bank's practice to:
- Send email or text that requires you to enter personal information directly into the email or text
- Send email, text or call threatening to close your account if you do not take the immediate action of providing personal information
- Send email or text asking you to reply by sending personal information
- Share your name with any contacts outside our firm in a manner inconsistent with our Privacy Policy.