If it wasn't bad enough getting duped by a false e-mail purporting to be from your bank, now consumers have to beware of fake text messages.
HSBC Bank USA and other companies have found themselves under attack by the newest wave of criminal scams designed to trick consumers into giving up account passwords and personal information.
As before, the goal is to enable criminals to steal from victims' bank accounts, charge purchases on their credit cards, or create phony cards or otherwise impersonate consumers.
In the past, the scams -- known as "phishing" -- involved fake e-mails designed to look like alerts or customer service messages from legitimate companies. Now the criminals are using text messages and voice messages on cell phones.
And because they're newer and less well-known to consumers, these new "smishing" or "vishing" scams could pose more of a threat, at least until consumers become more aware of them.
"These are sophisticated scams that exploit consumers' fears that their account has been compromised," said Anne Wallace, president of the banking industry-supported Identity Theft Assistance Center, which reports a rise in this activity. "Because the messages look real and create a sense of urgency, it's easy to be fooled."
That's why banks and fraud experts want to get the word out not to trust such messages.
"Texting is not a normal way for your financial institution to get in touch with you, unless you have set it up that way," said Jay Foley, executive director of the Identity Theft Resource Center in San Diego. "They don't do it on their own," Foley said. "They should never be contacting you and asking you to contact them back and give them the account number."
That's what happened to Jeffrey Symmonds. The Lewiston native, who now lives in Chicago, received a text message from HSBC Bank USA -- his bank.
He didn't know of any problems with his accounts, but didn't dismiss it out of hand either.
"It wasn't completely out of the realm for me to think that HSBC would alert me via text message that there was an issue, maybe with an overdraft," he said. "It seemed plausible that they were trying something new to contact me."
But the message was sent from an "unverified sender" and the bank's four-letter name was spaced out oddly. "H S B C alert 138923. Please call 877-2502216."
So he contacted the bank directly, using other phone numbers, and learned that the message did not come from HSBC. And the bank told him it was already aware of the scam attempt.
Symmonds didn't fall victim, but feared the bank's security had been breached, since someone had his cell phone number.
In fact, though, this was a scam that had been launched against several banks and an untold number of consumers at the same time, with likely no advance knowledge of who was a customer of which bank.
"HSBC has experienced no data security breach and it is not bank policy to contact its customers via text message," HSBC spokesman Neil Brazil said. "We were not compromised by this attack. We're taking all appropriate actions. We want to stay one step ahead of the fraudsters."
Fraud of all types accounts for a major portion of consumer complaints to government agencies, as criminals seek new ways to rip off the public.
Last year, 54 percent of the 1.3 million complaints recorded in the Federal Trade Commission's Consumer Sentinel database involved fraud, totaling 725,087. Consumers reported losing over $1.7 billion, with the median payment at $594.
Smishing, and vishing -- which uses voice messages -- are the latest examples of how criminals use newer technology to deceive unwitting and unsophisticated consumers. With smishing or vishing, criminals use an auto-dialing system to text or call people in a particular region or area code -- such as 716. In some cases, they might use stolen customer phone numbers, but it's often completely random.
"They send out maybe 1,000 of them and hope one or two respond, and they're still making money," said Kim M. Baglio, senior special agent with the Secret Service in Buffalo, and coordinator of the Financial and Electronic Crimes Working Group. "Even with all the information that's being put out there, you still get someone that falls for it."
So far, local experts have seen only a few smishing attempts, with no loss. "More and more people are getting a little more savvy," Baglio said. "I think more people question it when they're getting it on their phone. That's probably why we've not seen the losses here."