October is Cybersecurity Awareness Month, and Illinois Comptroller Susana A. Mendoza is reminding the public to be wary of potentially fraudulent emails, texts and phone calls.
The Illinois Office of Comptroller sends out more than 11,000 checks a day, so cybersecurity is a vital component of daily operations. The public also needs to make sure they are constantly on the lookout for attempts to steal their personal data.
“These scams used to be easier to spot because of poor grammar and obviously bogus looking messages,” said Comptroller Mendoza. “But with the explosion of AI technology, it’s getting harder and harder to discern what’s legit and what’s fake.”
There are several ways con artists are trying to lure people into giving up their personal information and ultimately their hard-earned money:
Phishing: Phishing occurs when cybercriminals use emails to try and get people to divulge information that could lead to identity theft. Now with AI, fraudsters have gotten more sophisticated and are better at personalizing their emails, so people are more likely to believe they are real. The FBI says phishing attacks in general are the leading reported cybercrime.
Smishing: Smishing is very similar to Phishing but the message comes via SMS (text messages). This scam is quite popular since most people frequently communicate through text.
Vishing: Vishing, a voice phishing attack, is the fraudulent use of phone calls and voice messages to convince individuals to reveal private information such as bank details and passwords. According to the FBI, this can include scammers calling an older person and posing as their grandchild who is supposedly in jail or a car accident and needs money.
Quishing: This is a newer scam where QR codes are used to direct people to malicious websites. For example, a con artist may put a fake QR code sticker over a real one on a parking meter. The user scans the code and is directed to a website where they are asked to input their credit card information as usual. The problem is that the website is fake, used by criminals to steal the victim’s money. The FBI is also warning about a quishing scam where packages that were never ordered by the receiver contain a QR code that once scanned, installs malware on the user’s phone.
What can the public do to protect themselves?
· Be wary of any type of message that is asking for personal information, bank details or any other sensitive data, especially if you didn’t initiate contact. Most businesses/government entities won’t ask you to divulge this type of information through email, text or over the phone.
· Don’t click on suspicious links. Some scams play on people’s fears, urging them to click on a link to pay an overdue tax or toll charge. Other bogus links may look like they come from the post office or other carrier, claiming to provide a shipping update.
· For emails, if you are unsure, hover your arrow key over the sender’s email or suspicious looking link. A message may look like it’s coming from a familiar store, but if the email address or link is strange, it’s likely a scam.
· If you receive suspicious messages at work, your employer should have a button to report phishing emails. Make sure you report anything that doesn’t seem right, since other employees may be getting the same message, and then ignore the email if it is not automatically removed from your inbox.
· To avoid quishing, double check the website you are directed to for payment and be wary of sites that take you outside of the app for payment. Also be leery if you don’t receive confirmation of payment.
“I urge everyone to be extra careful with any of these types of messages,” said Comptroller Mendoza. “Hackers and other cyber-scammers are constantly changing their tactics to get your personal data, so it’s important to remain vigilant.”
