The Tennessee Department of Commerce & Insurance’s (“TDCI”) Division of Securities is alerting consumers about the prevalence of spoofing and phishing scams being used by cybercriminals to target unsuspecting Tennessee investors.
Spoofing and phishing are common tactics used by cybercriminals to gain a person’s trust so they can be manipulated into divulging personal or sensitive information which the cybercriminal will use fraudulently. Depending upon the target and the success of the attack, a wide array of confidential and financial information can be put at risk.
“Fraudsters and scam artists are finding increasingly insidious ways to use technology to harm innocent consumers and investors while hiding their true identities,” said TDCI Commissioner Carter Lawrence. “Tennessee investors should remember to always ask questions and stay on alert whenever they are contacted online or by email by individuals whom they do not know.
Know the Difference Between Spoofing and Phishing - While scammers often use spoofing and phishing together, they are two different concepts. Consumers should learn the difference in order to be informed.
Spoofing is when a cybercriminal deliberately duplicates and alters an otherwise real phone number, email address, screen name, or website to make it appear to be that of a trusted or well-known source. Simply adding or deleting a single character can transform a legitimate website into a fake one. Spoofing often enables phishing to occur. One recent example of a local spoofing scam was a group of individuals impersonating the Rutherford County Sheriff’s Office. The scammers were making threatening calls posing as sheriff’s deputies telling people they missed jury duty or had an outstanding warrant issued against them. They provided real deputies’ names, a fake phone number, and requested money to resolve the issue.
Phishing is when a cybercriminal uses fraudulent emails, text messages, or phone calls to impersonate legitimate people and entities to trick consumers into giving out their personal information. The scammer can then use the personal information fraudulently or sell it on the online black market. A related type of cyberattack is Smishing, which targets individuals through SMS (Short Message Service) or text messages. (The term is a combination of “SMS” and “phishing.”)
More information is available about spoofing and phishing at our newest blog post.
“As part of our mission to protect Tennessee investors, our team investigates every complaint we receive related to securities scams,” said TDCI Assistant Commissioner Elizabeth Bowling. “Oftentimes spoofing and phishing techniques are used in securities-related scams, so by educating themselves and learning the red flags of a scam, Tennessee investors can avoid compromising their finances or personal identity. Investors should contact our team if they have questions about an investment or if they suspect they have been the victim of a securities scam.”
Learn the Red Flags for Spoofing and Phishing
- A firm asking for personal or financial information over the phone. A legitimate financial professional or firm will not request private information via email, text, or online chat out of the blue.
- Spelling or grammatical errors, or unfamiliar language in digital communications. Communications from an established entity will rarely contain these types of flaws.
- Inconsistencies in links, addresses, and domains. Be sure to hover over suspicious links before clicking on them, and closely review the spelling of domain names and email addresses.
- Reloading scams. These scams target investors who previously lost money to a scam or to a business failure that resulted in bankruptcy. Investors shouldn’t have to pay money to get their share from a bankruptcy estate, so be wary and think twice (or three or four times) if you receive such a request.
Contact the Securities Division at tn.gov/commerce/securities or 800-863-9117 for more information or if you suspect a securities fraud has occurred.