The Perils of Phishing, Smishing, and Quishing

By Catherine Powell

Image courtesy Pixabay

The ongoing war being wrought by hackers has been taken to a new level with a triad of tricks designed to make you cough up personal data, financial info, and credit card numbers.  Unlike many of the brute force techniques employed in the past, phishing, smishing, and quishing are meant to kill you with kindness by offering fantastic deals that are never delivered.  Some of them are so intricately crafted that you'll think you're working with a trusted entity only to find out after the fact that you've been had.  Before you fall for any of these false flag attacks, I'd like to take the time to educate you on the latest and greatest e-scams yet to have been invented.

Don't get hooked by these phishermen.

While phishing, AKA being sent bogus emails, isn't something new, this year's bumper crop of offers are tailored to make you think you're dealing with a trusted entity like Geek Squad, Microsoft, or the US government.  Should you fall for these ruses and click on the attached link, get ready to have malware delivered to your device that can harvest credentials and passwords or deliver ransomware that will hold your data for hostage.  Some of the latest lies include lures inviting you to profit from class action lawsuits, employee termination notices, holiday greetings, bank account notices, browser updates, fraud alerts, refunds, and more.  For a comprehensive list of the latest phishing scams, click on this link to the University of California New Phishing Threats page

How do you avoid falling for phishing lures? Phishermen spin you tales designed to make you think that:

1. There's a problem with your account or payment. ( Click or call & you'll be sorry.)
2. We've noticed suspicious activity.  (Never trust the provided number or any link.)
3. You owe money. (You certainly will if you respond to this lure.)
4. If you don't respond to this, you'll be arrested. (The only person that should be arrested is the sender.)
5. You've won!  (The only winners are the con artists who profit from these bogus jackpots.)
6. You're entitled to a rebate or refund. (You'll need a refund if you fall for this scam.)
7. You need to update your payment info.  (Do so only if you want to enrich a hacker.)

In short, never fall for an offer you receive via email.  If you aren't sure if an offer or notice is legitimate, call the customer service number of the entity directly.  Never call the number included with the message.  Also, you need to be aware that the police, FBI, & IRS will never send you an email if they wish to interface with you. 

Image courtesy Pexels

Smishing: The same old scam with a whole new look.

Just like phishing, smishing involves sending unsuspecting victims juicy but bogus offers via SMS text messages.  Short Message Service, better known as texting, was first sent over the Vodaphone GSM network in the UK in 1992.  The service became popular in the US just before the turn of the century.  By the year 2000, the average amount of texts per person was 35 per month.  By 2010, teenagers alone averaged more than 4,000 text messages per month.  By 2020, more than 500 billion texts were sent worldwide every month.  The huge popularity of texting has made it not only popular and convenient for consumers and business owners alike, it has also opened a huge stalking ground for tech-savvy con artists.

Almost as soon as texting was accepted by the public it became a useful tool to hackers.  Back in the mid-1990's the first cases of smishing were reported by some cellphone users who had their login credentials stolen by hackers who wanted to hijack their accounts.  Today smishing runs rampant on many SMS platforms and mobile-messaging apps.  In 2020, smishing attacks were reported by 61% of companies.  By 2021, that percentage had jumped to 74%.  

As with phishing, smishing starts with a message, a warning, or an offer that's meant to elicit a sense of urgency.  Many of the smishes will seem to come from a person you know or a business you use and trust.  If you make the mistake of replying to a smish or clicking on any link provided, you run the risk of giving sensitive data such as login credentials, passwords, credit card information, or social security number to criminals.  Download any attachments included with the message and you risk infecting your device with spyware, malware, or ransomware.

The problem is many smishing messages can look authentic.  Nowadays they're crafted using artificial intelligence that makes smishes messages sound all too compelling.  They're programmed to sift through mountains of social data to determine patterns and craft individualized texts.  No longer is it child's play to detect smishing due to misspellings and obvious grammar errors.  Today's smishes are AI-enhanced.

That doesn't mean you can't take measures to defend yourself.   Here are a few tips from the pros:

1. Never open an unsolicited text message.
2. Scrutinize the name and phone number of the sender.
3. Set up spam filters on your smartphone.
4. Beware of any messages that create a sense of urgency or pose a threat.
5. Be suspicious of messages that ask for personal or financial information.
6. Never fall for offers of prizes, rebates, or refunds.

Image courtesy Pexels

Have you ever been quished?

Quick response codes, otherwise known as QR codes were invented in 1994 by Japanese company Denso Wave to label automotive parts.  It wasn't until 2010 that these 2-dimensional matrix barcodes became a popular way to allow cellphone users to take a picture of one to receive an offer or open a webpage without having to enter a URL.  By 2021, 45% of smartphone users reported using QR codes to access marketing or promotional offers.  

Quishing is a type of online attack that uses a QR code to direct the user to malicious website or tricks them into downloading a virus-filled document.  Just like phishing and smishing, if you fall into the clutches of criminals employing quishing, you're in for a tough time.  Below are some recent samples of quishing scams:

1. A con artist puts a fake QR code on parking meters that tells the public to pay for parking by clicking on the QR code.  Should you fall for the bait, not only will this give the crooks your credit card information, but you'll probably wind up getting a ticket or being towed for failing to pay for parking.
2. You enter a restaurant or retail store and find a QR code that offers you a discount for downloading the establishment's app.  The problem is that a cybercriminal has placed a sticker containing a QR code over the real code.  This directs you to a bogus website that asks you a lot of personal questions, only to tell you to download an app that's loaded with malware.
3. Cryptocurrency or stock investment scams that promise to double or triple your money are popular quishing bait, as are romance scams that employ QR codes that purport to help you find romance.

To avoid being taken for a ride by scammers employing quishing, there are a few things you can do:

• Avoid QR codes altogether.  
• Check for tampering to make sure the code you click on hasn't been covered by a bogus one.
• Verify the URL address you're being sent to is the real deal.  
• Install QR code scanner apps that help you spot and avoid dangerous websites.

Catherine Powell is the owner of A Plus All Florida, Insurance in Orange Park, Florida.  To find out more about saving money on all your insurance needs, check out her website at http://aplusallfloridainsuranceinc.com

The Hidden Menace of Mold

 By Catherine Powell

Image courtesy Pixabay

There's a fungus among us.  At least there is when it comes to household mold.  A member of the fungi family, mold loves warm, moist environments, which make them particularly fond of my home state of Florida.  Mold has been known to grow on everything from drywall and tile, to wood, fabric, glass, and even paper, sometimes digesting the material upon which it grows.  Unlike the birds and the bees, fungus can reproduce either sexually or asexually by emitting spores that are so minute that the tiniest puff of air causes them to waft far and wide. While most forms of mold are benign, some can cause allergic reactions or even render a home uninhabitable.  Last but not least, the cost to remediate mold infestation in a home can be expensive, and in many cases it isn't covered by homeowner's insurance.  Before you wind up being menaced by mold, there are a few things you need to know.

Are Medical Billing Errors Making You Sick?

 By Catherine Powell

Image by gpointstudio on Freepik

It should come as no surprise that the United States ranks highest  for healthcare costs in the world.  In 2022, healthcare spending hit an all time high of $4.3 trillion, which averages out to nearly $13,000 per person. That's nearly twice as much as that of other developed countries.  Three reasons our costs are so much higher include inadequate industry regulation, soaring drug costs, and billing fraud.  If all this isn't bad enough, another factor that makes healthcare less and less affordable for the average American has to do with billing errors totaling $54 billion in 2020 alone.  If you're sick and tired of being overcharged for services you may or may not have received, or you're worried sick about getting treated for fear of being overcharged, here's what you need to know.

Do you know your rights?

Depending on whether the healthcare plan you enrolled in is an HMO, a PPO, Medicare, or Medicaid, trying to access health providers that are in-network can be confusing at times.  Some patients have found themselves caught between their doctor and their insurer when it comes to getting the treatment they need in a timely manner.  This problem sometimes can be multiplied by the number of providers they are seeing.  Make one wrong move and you can find yourself receiving bills for services rendered that you thought were covered by insurance but were not.  or, you could receive a bill for a service you never received.  (I know the latter to be true because I recently went to the ER to get a few stitches only to be hit with a bill for $173 for a TDAP injection I neither asked for nor received.)

Up until January 2022, there was little protection for the public when it came to healthcare gouging.  It literally took an act of Congress called the No Surprises Act to keep the American public from being hit with unexpected bills from emergency services or healthcare providers that policyholders didn't realize were out of network.  Since that time there's been a way for patients to dispute surprise charges, provided they total $400 or more. Click here to visit the End Surprise Medical Bills website.

Diligence is the first line of defense. 

Image by xb100 on Freepik

Like it or not, all too many medical bills are charged in error.  Others are mailed by scam artists hoping to cash in for little more than the cost of a postage stamp.  Before you write a check or write down your credit card number on a bill for medical services, make sure you really owe something.  Sometimes all it takes is a phone call to a provider to discover that you were billed in error. (This happens more frequently than you realize.)  If you're sure that the service or item you're being billed for wasn't legitimate, insist on having the bill itemized or explained to you in plain English.  Also, make sure the bill has the correct name and insurance information on it.  If anything on the bill is incorrect, you could have been billed for someone else's treatment.  If you still haven't resolved the situation to your satisfaction, ask to speak to a supervisor, or drive to the provider's place of business to sort out the problem in person.  If necessary, insist on initiating a 3-way call between you, the provider and your insurer.

Billing errors happen for a variety of reasons.  Some occur due to the complexity of the medical reporting system where one wrong letter or digit can mean the difference between being correctly billed or being charged for something you didn't receive.  Another problem is a lack of communication between federal healthcare plans like Medicare and state-backed plans like Medicaid.  Retirees with dual coverage comprise 10% of unpaid medical debt in this country even though most should owe little or nothing for treatment.   

How to avoid being scammed.

Since medical fraud is rampant, make sure you speak directly to a provider you know and trust about any billing errors.  Never get duped into calling an unfamiliar phone number printed on a suspicious bill.  It will undoubtedly lead to a phone room operated by con artists who will try to convince you to make a payment.  Even if the person on the phone seems to know your medical condition, don't fall for this trick since scammers can easily buy medical histories on the dark web.

How can you avoid being overcharged for medical treatment?

Image by stockking on Freepik

First and foremost, make sure you understand what is and isn't covered by your health plan.  Some plans allow patients to make appointments with providers in-network on their own, while others require patients to get a referral from their primary care physician before being treated.  If a procedure or therapy is recommended by a provider, request an estimate of benefits that will show you what is covered by your insurance and what costs you will be required to pay.  Understand your plan's limits and deductibles.  Make sure you know which providers are considered in-network.  Get to know your plan's list of benefits.

Regardless of how the error occurred, if you receive an erroneous bill, you need to take the matter seriously.  Ignoring a medical won't make it go away,  Far from it.  Not only will you receive more bills in the mail, failure to pay could result in more dire consequences should the matter go to collections.  Never agree to make a partial payment, since this could be construed as accepting responsibility for the erroneous item.

What can you do if the bill goes to collection?

Bill collectors are only permitted to contact you about debts you owe.  By law they aren't allowed to call you about debts you don't owe or someone else's debts.  They aren't permitted to harass you day and night. You have the right to tell them to stop contacting you.  That's the good news.  The bad news is that collection agencies can place a black mark on your credit report, or they can sue you in court.  If they prevail in court, it could lead to your wages being garnished or a lien being placed on your home.  If you receive notice of pending litigation, discuss the matter with an attorney.  Better still is to try to resolve any billing error with the medical provider that created it in the first place.  While this might entail spending hours on the phone or taking the time to visit the provider in person, it will be worth it to resolve the issue before it reaches the collection stage.

Catherine Powell is the owner of A Plus All Florida, Insurance in Orange Park, Florida.  To find out more about saving money on all your insurance needs, check out her website at http://aplusallfloridainsuranceinc.com

10 Ways to Save Money on Auto Insurance

 By Catherine Powell

Image courtesy pxhere

I have good news and bad news when it comes to Florida auto insurance rates.  The bad news is that the cost to insure vehicles in the Sunshine State has increased by an average of 17% over last year.  This has to do with a number of factors, including hurricane damage, the high number of uninsured motorists in the state, an uptick in auto thefts, and rampant claims fraud.  The good news is that if the cost of insuring your vehicle in the coming year has you seeing red, there are many ways you can reduce your premiums without breaking the bank.  Below is my top-10 list of ways to reduce the cost of auto coverage.