Skip to main content

Press Releases

Phishing, Smishing and Vishing: Montgomery County Office of Consumer Protection Warns of Increased Creative Attempts to Steal Personal Identification During the Holidays

For Immediate Release: Thursday, November 5, 2020

Phishing, Smishing and Vishing are just some of the new words entering our daily experiences. The Montgomery County Office of Consumer Protection (OCP) wants residents to know that these terms are not part of a catchy new children’s book. They are the names given to serious efforts by scammers trying to trick people into turning over money or account information. The efforts are even more numerous during the holidays when consumers receive increased messages and calls from all types of legitimate companies and organizations—and making it even easier for criminals to horn their way into their pocketbooks.

“Phishing"—as in fishing for confidential information—refers to a broad scam that involves crooks using email to steal personal and/or financial information. They are seeking to discover user names, passwords, bank account numbers, Social Security numbers, credit card numbers, expiration dates, PIN numbers, billing addresses and telephone numbers.

Phishing could involve an email with what appears to be the actual logo of a bank or company in which the criminals try to capture the attention of a consumer. It may cause concern, or even a small panic, by saying an account was hacked or closed—and then requesting the individual to provide information about that account.

“Smishing” is phishing through messages via formats such as text messages, WhatsApp, WeChat and other message platforms. 

“Vishing” is when voice-recorded messages via phone calls are used to lure in unsuspecting residents.

“The only way that this type of scam will work is if a person willingly or accidently gives the scammer access to their information,” said OCP Director Eric Friedman. “Although people say they would never fall for a fictitious attempt to get their information, the criminals are very good at making themselves appear legitimate.”

One way to carefully check the information is to call a known legitimate consumer information number to confirm what was sent in the email—or learn that it was a criminal attempt. Do not immediately reply to a suspicious email, text or call to a number they provide.

The County Office of Consumer Protection offers the following tips on how to avoid being hooked by a phishing attempt:

  • Scams may look like they are from a company a person knows or trusts. If you receive an unsolicited e-mail or instant message that requires providing personal information, do not respond. Instead, contact the organization directly.
  • Scams often tell a story to trick consumers into clicking on a link or opening an attachment. If a link or attachment is provided in an unsolicited e-mail or instant message, do not click on the link or open the attachment. The link provided could take the potential victim to a fake—but realistic looking—"mirror" site or will download a virus or malware that will steal passwords, account information and money. The same virus and malware downloads can be hidden in pictures, PDFs or other attachments. 
  • Scammers may have trouble with written English. Be especially wary of emails or websites that have typos or other obvious mistakes. Look for extra exclamation points, accents and other slight tweaks to logos and company names.
  • Scammers spoof the legitimate business’s email address. Always hover over the sender’s email address to see from where it is really coming.
  • Scammers ask for information a legitimate business already has. No financial institution or legitimate business will contact a person and ask for sensitive information such as account numbers, Social Security numbers or PINs. 
  • Be very careful in using gift cards, since payments with gift cards are hard to trace if provided to a scammer. For example, if a person is contacted by someone saying they are from a utility company and service is to be disconnected unless a payment is sent via a gift card, this is clearly is a scam and the funds will never be recovered.

If a person suspects that an e-mail or website is fraudulent, they should report the information to the legitimate bank, company or government agency, using a phone number or e-mail address they find on their own. These numbers could be on the back of a credit card, on a regular monthly statement or on the official website of the company or financial institution

Scammers, in their attempts to seem legitimate, often provide consumers with a phone number or email address for verification—although they are just referring the consumer to a colleague who is part of the scam. OCP advises not to trust contact information you do not find on your own

If a consumer suspects, or determines, a website is not legitimate, contact the FBI’s Internet Crime Complaint Center. Complaints about phishing, smishing and vishing also can be filed with the Federal Trade Commission.  Suspected phishing emails additionally can be forwarded to the Anti-Phishing Working Group at reportphishing@apwg.org and smishing text messages can be forwarded to SPAM (7726).

# # #

Release ID: 20-664
Media Contact: Eric Friedman 240-777-0311