Scammers continue to use phishing attacks on both businesses and consumers. Contractors are being warned of circulating fraudulent text messages, telling licensees to inspect their type C and type B licenses immediately for accuracy to avoid revocation. The text contains a link to a site not associated with the licensing board. Recent occurrences of the scam have been making the rounds with California contractors, but all licensees should take heed. Scammers often adapt their scheme to target different victims while using common tactics. While it may be contractors that are on the scammers’ radar today, professionals in every industry do well to beware of phishing schemes.
The Contractors State License Board (CSLB) has sent out fraud alerts to licensees advising that CSLB staff will never use text messages to contact licensees and will not ask for confidential information via text message.
You should never disclose personal information without first verifying that the request is authentic and that the individual making the request has a legitimate need for it. If you have received a similar text, do not click any link or provide any information. It is a scam and should be reported. Contact your licensing authority and provide them with the details of the message, including the number or email it was sent from and the contents of the message. You can also report the scam to the Federal Trade Commission and the FBI’s Internet Crime Complaint Center.
Here is how phishing scams typically work:
Phishing is the fraudulent practice of sending emails or other messages purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers. Scammers use email or text messages to try to steal your personal identification, passwords, account numbers, or other sensitive information. Many impersonate legitimate businesses or authorities such as a licensing authority, government agency, financial facility, or other trusted business. They contact you with messages that appear authentic with a story to trick you into clicking a link, opening an attachment, or providing sensitive information. They use the information to access your accounts, hack your email or accounts, and even sell your information to other scammers.
Some stories they may use include:
- saying there is a problem with an account or license
- stating they’ve noticed suspicious activity or log-in attempts
- claiming there’s a problem with your payment information
- demanding you need to confirm some personal or financial information
- coercing you to click on a link to make a payment that has malware
To protect against phishing attacks, take the following steps:
- Review email and text spam filters.
- Use security software on your computer and mobile devices.
- Protect your accounts with multi-factor authentication. Multi-factor authentication is a security feature that requires two or more credentials (such as a PIN, passcode, security question, one-time verification code, or scan of your fingerprint or face) to log into your account.
- Back up your data.
While these methods help in fighting phishing attacks, you also need to do your due diligence by conducting your own research. When you receive an email or text, review the information and ask yourself if it is authentic. Most companies will not contact you to ask for your username and password. Never click on links in unsolicited emails or text messages. Use Google to search the company’s information to see if it is authentic. If in doubt, contact the company directly using their verified contact information, not the contact listed in the suspicious email or text.
If you suspect that you have responded to a phishing text or email, visit IdentityTheft.gov for helpful resources. If you have clicked a suspicious link, update your security software right away. If you have provided your financial information to a suspected scammer, contact your financial institution immediately to place an alert on your account and review statements for any unfamiliar activity. Phishing emails can be forwarded to the Anti-Phishing Working Group at firstname.lastname@example.org.
Follow BCA on Facebook for more scam alerts, tips, consumer topics, and more. Take a moment to share this information so others can avoid these types of scams.