Don’t get hooked by phishers
By Tech. Sgt. Dan DeCook, Secretary of the Air Force Public Affairs Command Information
/ Published June 04, 2015
WASHINGTON (AFNS) -- Fast cash promises on popular social media sites like Facebook, Instagram and Twitter are causing major problems for service members.
Phishing scams have continued to evolve in an attempt to keep up with progressing technology. Today, some phishing scams have been using social media outlets to fool users into revealing sensitive and personal information at an alarming rate.
Phishers typically send a short message targeting young adults and, recently, more service members, asking if they would like to make quick cash. Preying on those in need of money, phishers entice victims with the idea of an easy payday. Many service members are sending debit card personal identification numbers or online credentials, only to be left holding a large bill.
One popular scheme involves a phisher depositing a fake check into a willing member’s account and then using the personal information obtained to withdraw funds from that account. For example, an Instagram post with the hashtag #USAA offers a $5,000 deposit to establish dialogue with a potential victim. The victim then provides account information, allowing the phisher to upload a phony check into their account. Since many banks offer immediate withdrawals, the phisher can take the money and run. In some cases, the victim agrees to the scheme and deposits the fake checks themselves with the intention of claiming no knowledge later on. Either way it’s done, the account holder is responsible for the funds.
Recently, a 20-year-old Sailor had a checking account balance of $25 with USAA. After he engaged with a phisher and provided account information, several fraudulent checks were deposited into his account, totaling $17,453. The fraudster withdrew his fee and left the Sailor liable for $6,500. Phishers often deposit large amounts because only a portion of a deposited check is available right away.
While many service members are falling for these fake check phishing attempts, banks aren’t. They also aren’t paying the bills left in the wake.
“USAA is not going to post something like that on social media,” said Brent Mosher, the USAA executive director of financial crimes, investigations and recovery. “Fraudsters ask for things we would never ask for -- personal identifiers, debit card information, account numbers -- we already have all that.”
A financial woe isn’t the only thing that comes with being a willing, or unwilling, victim. Security clearances, which take financial standing in account, can also be affected. Depending on their level of involvement in the schemes, service members may face legal action and possible discharge.
Phishers aren’t content with just social media sites. They are also crafting emails with company logos from official looking addresses. Phishers send emails from what appear to be trusted establishments.
According to the Cyber Security Division within the office of Headquarters Air Force Communications, these emails often contain links to fake websites which ask the potential victim to enter their personal and account information. The site then records the information entered giving phishers all they need to wreak havoc on such things as bank accounts and credit cards.
Banks and other financial institutions do not ask for personal information or account information via email. If you suspect an email or social media post is phishing, contact the company directly using information on a recent billing statement.