Phishing scams are scams where a perpetrator attempts to obtain the personal information of a victim. For example, a perpetrator may seek to obtain an individual’s:

  • Credit card information;
  • Passwords;
  • Social Security information; and
  • Other data.

Phishing typically involves a perpetrator who sets up a fake situation, for example, a fake sweepstakes or job interview. The victim is then required to provide their private information in order to claim their prize or to proceed with the interview.

With the information obtained, the scammer may be able to use the individual’s personal accounts, collect money, or conduct a larger identity theft crime.

What Are Some Types of Phishing Scams to Watch Out for?

Phishing scams may occur in many different ways. The most common forms include scams perpetrated by postal mail or vishing, which is a voice phishing scam conducted over the phone.

Newer forms of phishing scams that individuals should watch out for include:

  • Malware-based phishing: This is where the scammer uses fake malware or antivirus ads to obtain the individual’s information. For example, the scam may involve a fake pop-up ad stating that the person needs to provide their credit card info in order to purchase new firewalls or antivirus software;
  • SMiShing: This involves SMS or text messaging on a cell phone. Here, the victim may receive a fake text alert asking for their password or bank account number;
  • Search engine phishing: This type of phishing uses search engines to reroute an individual to a different website while searching for info online. The website is fake and usually requires the user to fill out a form to proceed; and
  • Spear phishing: This is where the perpetrator sends mass fake e-mail messages to companies and businesses, hoping to obtain employee information and other company data.

Essentially, any new form of communication, especially electronic or digital messages that are sent over the internet, are prone to being used as a tool for perpetrating a phishing scam. Therefore, it is important that an individual only share their personal information with parties they trust and that they do so over a secure internet connection.

What is Identity Theft?

The United States Department of Justice broadly defines identity theft as a phrase that applies to all crimes that involve acquiring and using another individual’s data through fraud or deception for their financial gain. For example, suppose an individual saves their credit card data on their computer, to a web browser, or in a pre-filled form on a website.

If a hacker gains access to this information and uses it to purchase something, it would be deemed an act of identity theft. Another way identity theft may occur is when an individual is not cautious with their data in public.

For example, if an individual provides information such as their social security number or credit card number over the phone when they are in a public place. In these instances, a criminal can easily overhear it and write down the details for later use.

The internet has provided criminals with many more opportunities to perpetrate these crimes than they have before the advent of technology. Thus, it is essential for an individual to use safeguards to protect their online and offline data.

Otherwise, an individual may end up with numerous issues all because an individual decided to steal their identity, including:

  • A criminal history;
  • Fraudulent tax records; and
  • A poor credit score.

How Can Your Identity be Stolen?

There are numerous ways to steal an individual’s identity. Aside from the examples that were discussed above, some of the more prevalent methods which are used to steal an individual’s identity include:

  • Robbery: A perpetrator can physically steal an individual’s data by robbing them of specific items, such as their:
    • driver’s license;
    • social security card;
    • debit or credit cards; and
    • other items;
  • Computer fraud: Computer fraud goes beyond standard hacking. This phrase may also apply to:
    • deceitful website schemes;
    • deleting sensitive government files;
    • romance scams; and
    • any other online activity which results in an individual becoming a victim of identity fraud;
  • Social media: Although this offense may fall under computer fraud, a criminal can impersonate someone by:
    • using their social media;
    • looking for clues about the individual that would reveal password hints;
    • finding details saved to their social media account, for example, a linked bank account, or
    • messaging their contacts for records or sensitive information;
  • Mail theft: A criminal can intercept an individual’s physical mail to get personal data. Sources of mail which may have vital details for thieves include:
    • bank statements;
    • credit card statements; and
    • pre-approved credit card offers;
  • Dumpster diving: An offender may also dig through an individual’s trash to search for personal or financial data. Therefore, it is essential to tear up paperwork that displays:
    • bank accounts;
    • credit card numbers;
    • handwritten passwords; and
    • other personal information.

So How do I Avoid Falling Victim to These Phishing Scams?

There are several suggestions that an individual can use to help them avoid falling for these types of scams, including:

  • Legitimate companies will never ask for sensitive financial information via an email, so if if an individual receives an email asking them to provide this type of information, even if it looks like it is legitimate, it should be deleted;
    • Instead, the individual may want to check the company’s official website as well as e-mailing them or calling them at an address or phone number the individual knows actually belongs to the company;
  • It is important not to send any confidential financial information via email. E-mail is not a secure source. Instead, an individual should give that information through a secure website, such as one where the address begins with “https” instead of just “http;”
    • Even in these situations, it is important to be cautious about what information an individual is giving away and not to give away any private financial information unless it is absolutely necessary;
  • Install anti-virus software on the computer and keep it updated. In some cases, a phisher may send software with their emails that either harm the computer or track where the individual goes on the Internet without their knowledge.

Are There any Legal Penalties for Phishing Scams?

Individuals or groups who are caught perpetrating phishing scams can face legal consequences. In certain cases, these scams may result in serious misdemeanor charges that can be punished by jail time or criminal fines.

A phishing scam that involves the altering or manipulation of a federal website or the deceit of a federal official may result in federal felony charges.

What Should I Do If I Have Fallen Victim to a Phisher?

If an individual finds out they have provided private financial information to what later turned out to be a phisher, the first thing they should do is to contact their bank and credit card companies to inform them to monitor any transactions made on the account or card the phisher may have access to. An individual may also want to file a complaint with the Federal Trade Commission (FTC) so they are aware of the extent of the scam.

In addition, if the identity of the phisher is determined, an individual may wish to consult with a fraud lawyer who can advise them whether they may be entitled to money damages.

Do I Need a Lawyer for Help with Phishing Scam Issues?

Phishing scams are common and may catch large numbers of unsuspecting consumers each year. It may be helpful to hire a fraud lawyer if you suspect that you or your company has been the victim of a phishing scam.

Your attorney can help you determine if there was a violation and whether or not you have legal resources available to you. In addition, your attorney can represent you in court if necessary.