It may seem like Smishing is all the rage lately, but frankly… It is. Over the past few weeks our users and Scambook Staff have been repeatedly receiving the same smishing text (shown on the left) from “Best Buy” stating, “You’ve been randomly selected for a BestBuy gift. Get your $1000 gift card at…” referring people to a site where you can “claim a Best Buy gift card” by entering certain private personal information.
As we all know, Best Buy is one of the world’s leading multi-channel retailers and developers of technology products and services. Best Buy has 1,150 stores domestically and internationally and 100 Best Buy Express automated retail stores located in airports and malls across the U.S. with its headquarters located in Richfield, Minnesota. Forbes magazine has named Best Buy “Company of the year” for many years.
In March 2012, reports of a scam offering a “Free $1,000 Best Buy Gift Card” started to flood our site. This particular scam has been infiltrating people’s cell phones in the form of text messages.
I’m sure we all know what ‘smishing’ means by now, since this has been all over the media. The smishing message instructs people to call a toll-free number or visit a website to redeem the free $1000 Best Buy gift card.
Many sites similar to the one above appear on the results page after entering “Free Best Buy Gift Card” in search engines such as Google, definitely making these sites hard to miss.
Considering the amount of complaints we received in a matter of weeks about Walmart last month, Scambook had to alert it’s users on this new Best Buy smishing scam. I noticed that it is easy for anyone to fall into handing over their personal information through the process of redeeming their “Free $1,000 Best Buy Gift Card.”
A few tips on how to protect yourself against this scam:
- Don’t open or even respond to unsolicited e-mails/texts offering free gift cards. We know it’s very tempting to open the e-mail/ text but trust us; you’re better off just deleting the e-mail or text message. By responding to the text messages (even the ones that say to respond to “stop
- Educate your family and friends on what smishing scams are all about.
- Don’t click or respond to online ads and websites offering free gift cards. You know which ones we’re referring to-the ones that pop out of no where and say, “You’ve won!”. If you have not entered any legitimate sweepstakes you probably didn’t win anything.
- Never ever give out your credit card info, social security number or bank details in order to pay for fees, taxes, or any shipping costs that you may have potentially ‘won’ or are getting for ‘free’.
- Avoid filling out forms in emails asking for personal financial information. You should only communicate information such as credit card numbers or account information via a secure website or the telephone.
- Always double check you’re using a secure website when submitting credit card or other sensitive information. Phishers are now able to forge the “https://” you would normally see when you’re on a secure Web server. Make it a habit to enter the address of any banking, shopping, auction, to financial transaction website yourself and not depend on the displayed links.
- Pay attention to the website URL. If the URL does not match the branding to a legitimate website navigate away from the website. Always check where the URL ID is coming from. Remember not all scam sites will try to show the “https://” and/or the security lock. Get in the habit of looking at the address line, too.
Always report “phishing” or “spoofed” emails and “smishing” messages to the following channels. Even if others have already submitted similar scams when you report your unique incident it gives us data to help prevent future smishers and pin point these scammers:
- Submit a complaint at Scambook
- Forward the email to email@example.com
- Forward the email to the Federal Trade Commission at firstname.lastname@example.org
- Forward the email to the “abuse” email address at the company that is being spoofed (e.g. “email@example.com”)
- When forwarding spoofed messages, always include the entire original email with its original header information intact
- Notify The Internet Crime Complaint Center of the FBI by filing a complaint in their website: www.ic3.gov/
Remember, no reputable business would send you an email requesting your personal information. Any emails you may receive asking for this type of information should be considered phony and brought to the attention of the business being phished or smished.
If you have received this text message let us know, please submit a complaint here and educate others.