The month of October is devoted to Cyber Security Awareness nationwide. It seems that every week brings a new news story or personal experience of a company or individual falling victim to fraud.
Fraud can occur through almost every digital connection companies or individuals maintain; text message, email, phone call, malware downloaded onto your computer, tablet or mobile device and so much more. Dean Bank devotes an entire section to our web site called the Security Center. Here you’ll find a variety of news articles, resources, telephone numbers and education about ways criminals attempt to steal your data or your identity. We discuss both personal and business cyber safety and offer a host of methods to protect yourself from fraud as well as report it should it happen.
As a service to our customers, throughout the month we’ll send out a Cyber Security Information sheet. This week we’ll highlight fraud via text (or SMS) messaging...commonly called Smishing.
- SMS phishing or smishing is conceptually similar to email phishing, except attackers use cell phone text messages to deliver the "bait".
- Smishing attacks typically invite the user to click a link, call a phone number, or contact an email address provided by the attacker via SMS message.
- The victim is then invited to provide their private data; often, credentials to other websites or services. Furthermore, due to the nature of mobile browsers, URLs may not be fully displayed; this may make it more difficult to identify an illegitimate logon page.
- As the mobile phone market is now saturated with smartphones which all have fast internet connectivity, a malicious link sent via SMS can yield the same result as it would if sent via email. Smishing messages may come from telephone numbers that are in a strange or unexpected format.
Most commonly, the attacker will exploit the acquired data for one or more of the following purposes:
- Stolen money - The most obvious reason a criminal would want to access your online information is to defraud you out of money: The attached link is therefore often used to intercept a one-time passcode (OTP) most banks use for step up authentication. Alternatively, they might simply send their unsuspecting victims a warning about an unpaid bill in favor of a fake recipient.
- Identity Theft - Theft does not exclusively happen to tangible objects; it can also happen to a person’s entire identity. Some scammers use the accessed data to claim the identity of their victim, for various diverging causes apart from stealing money, such as filing phony health insurance claims, committing tax fraud, or even reselling your data to other criminals.
- Installed Viruses - Another threat smishing poses is the installment of unsolicited malware. The message might encourage you to download a seemingly trusted app, which could be used to collect sensitive data from your phone, such as credit card details stored in other apps. Additionally, a phone infected with malware or viruses can become completely unusable.
Known common tactics to look for:
- Texts try to scare you with urgency
- Threaten to cancel accounts
- Provides a link for verification or recovery
Tips and Tricks:
- Beware of texts that don’t come from phone numbers
- Log into the main sites (Amazon, PayPal) directly, NEVER click on the link
Use MFA (Muti-factor Authentication) on email and sites whenever possible
What to do if you become a victim of Smishing
Smishing attacks are cunning and may have already victimized you, so you’ll need to have a recovery plan in place.
Take these important actions to limit the damage of a successful smishing attempt:
- Report the suspected attack to any institutions that could assist.
- Freeze your credit to prevent any future or ongoing identity fraud.
- Change all passwords and account PINs where possible.
- Monitor finances, credit, and various online accounts for strange login locations and other activities.
Each of these steps has a substantial weight for your protection after a smishing attack. However, reporting an attack not only helps you recover, but keeps others from falling victim as well.
Some important information from Massachusetts' Register of Deeds regarding Deed Theft scams was found in a recent publication of The Franklin Observer
Taking note of publicity relating to “deed theft,” Norfolk Register of Deeds William P. O’Donnell reminds Norfolk County homeowners about the Registry’s Consumer Notification Service.
Deed theft can take different forms. The most common type of fraud preys on people who are in danger of losing their property, usually rental property, through foreclosure. The owners are told that they qualify for a “short sale” – a process where the foreclosing lender settles for less than the amount owed or the mortgage – and that if they sign the deed over to a third party, they can avoid the foreclosure. The owner signs a deed over to the third-party scammer, not realizing they are still responsible for the debt, and the scammer, rather than negotiating the short sale, collects and keeps the rental payments until the lender eventually forecloses. Another form of deed theft preys on the elderly homeowner who, subject to undue influence often by a family member, signs over their property, not realizing what they are signing.
Less common is forgery, where a scammer fakes a homeowner’s signature on a deed and records it in the registry of deeds. A forged deed is not valid and conveys nothing. If a buyer or a lender rely on a forged deed and don’t do their due diligence on a property’s title, they are out of luck. They, not the legitimate property owner, will ultimately lose any money paid to the thief. Forgery is a felony in all fifty states, punishable by jail time and heavy fines. The court may also require restitution for damages caused by the forgery, such as the costs of clearing the title.
There are companies that now offer paid subscription services that will periodically monitor the public records and notify an owner if a deed has been recorded transferring the ownership of their property. It is not title insurance and usually will offer no additional services if a fraudulent transaction has taken place.
Commenting on the issue, Register O’Donnell stated, “Our mission at the Registry of Deeds is the safety and security of all property records. We recognize that there are unscrupulous individuals that may try to take advantage of the property rights of others. We have initiated a Consumer Notification Service at the Registry, a free service whereby subscribers sign up to be notified when any document is recorded under their name. While I can’t speak to the paid subscription services, we have confidence in our “alert” or notification system.”
Information on “Consumer Notification” can be found on the Registry website, www.norfolkdeeds.org under the heading, “Services”. The Registry Customer Service Department can assist anyone who would like to set up the notification for their property.
Register O’Donnell concluded, “I want to reiterate that our free notification service, like the paid services, does not protect against fraud but will at least alert an owner if a fraudulent deed has been recorded. Owners should be always be aware of what they are signing when it comes to any document that may affect the title to their real estate and should scrutinize any company that promises to alleviate debt if you sign over a deed to them. In Massachusetts a deed should always be signed in front of a notary public. Massachusetts notaries are obligated to request identification from the party signing the deed.”
If you have any questions about the notification service, please contact our Customer Service Center at 781-461-6101, Monday through Friday between the hours of 8:30AM-4:30PM. Our trained staff are more than willing to answer any questions you may have.
The Norfolk County Registry of Deeds is located at 649 High Street in Dedham. The Registry is a resource for homeowners, title examiners, mortgage lenders, municipalities and others with a need for secure, accurate, accessible land record information. All land record research information can be found on the Registry’s website www.norfolkdeeds.org. Residents in need of assistance can contact the Registry of Deeds Customer Service Center via telephone at (781) 461-6101, or email us at registerodonnell at norfolkdeeds dot org.
Email is not a secure transmission route so you should never include sensitive personal information like your social security number, account number, or personal identification number (PIN) in an email. If you would like to communicate this type of information to us, please call us at 508.528.0088.
Do not provide your email address to third-party websites without reading the privacy and security policies and terms and conditions of these sites to ensure you understand the circumstances in which your email address will be used. Third party websites may have privacy policies that are different from Dean Bank’s.
If you suspect suspicious or fraudulent activity related to your Dean Bank account(s) (ex. Internet Explorer, Safari, etc.) please let us know right away. You should also contact your Internet Service Provider so they may block suspect companies from your email inbox. To learn more about how to control and manage your incoming emails, please refer to your Internet Service Provider's online resources.
Be Aware of Online Financial Fraud/Email Scams (Phishing)
Increasingly, Americans are receiving fraudulent emails that direct recipients to websites where they are asked to provide confidential, personal and financial information. These emails may vary significantly. Some claim that the individual's personal information is necessary to assist in the fight against terrorism or for some other alleged legal purpose. Other emails purport to be from government agencies or legitimate financial institutions. The email may claim that there is a problem with an account and will provide a link to a site that may look authentic. You may be asked to input personal information such as bank account numbers, PINs or a Social Security Number. These fraudulent schemes are commonly known as "phishing".
Do not provide any personal information by clicking on the link.
Dean Bank will never call you and ask for personal information over the telephone or request personal information via email.
If you suspect Identity theft or fraud involving any of your Dean Bank accounts, contact us immediately at 508.528.0088.
Additionally, we advise that you report any suspicious email activity to the Federal Trade Commission. Submit information regarding the "phishing" file by entering a complaint with the FTC website.
You can also visit the FTC's Identity Theft website to learn how to minimize the financial damage from identity theft.