Be Aware, Be Safe
DISH is leading the effort to help keep you better informed. Other companies send out warnings about scams after it happens. We want to share some great tips that will help prevent you from becoming a victim in the first place.
Take Proactive Measures to Protect Yourself
- DISH sends out email alerts when your account information has changed. Make sure you receive these alerts by providing a valid email address at mydish.com/myprofile.
- Call DISH at 800-333-DISH (800-333-3474) to add PIN verification to your account. With this option turned on, anyone calling into DISH is immediately prompted for your account's security code. This prevents unauthorized individuals from gaining access to your account.
- Research "identity theft protection" to find out more about companies you can pay to monitor your personal and credit information.
Do Not Give Out Sensitive Information
Criminals attempting to commit fraud sometimes call customers and claim to be DISH representatives. Since they are able to “spoof” DISH's phone number (make it appear as though their call is coming from DISH even though it is not), these calls often appear legitimate. Do not provide these callers with any personal or account information, including your account number, security code, receiver number, or location ID. You may be asked to provide this information when you contact DISH directly to verify that you are authorized to access the account and/or make changes, but DISH will never call you asking for this information.
If you receive a questionable call, hang up and call back on DISH's main phone number: 800-333-DISH (800-333-3474).
For more details on Caller ID spoofing, please visit: https://consumercomplaints.fcc.gov/hc/en-us/articles/202654304-Spoofing-and-Caller-ID
Strengthen Your Online ID and Password
When a database containing usernames and passwords is stolen or hacked, criminals often try using that list of usernames and passwords on hundreds of other companies' websites to see if they can get into any other accounts.
- Don't use the same username and password combination on multiple sites, and avoid the most common passwords. For some fun reading, do an internet search on “most common passwords."
- Use a password that is at least 8 characters long and contains an uppercase letter, a lowercase letter, a number and a special character. As an example, pick eight characters (I.e. PB&J2eat), then add several characters from the site name that you are logging into. This way, you can still remember your password and it will be unique for each website.
In this example, we used “PB&J2eat”, plus a simple description.
This way, if one of the companies got hacked, the other logins wouldn’t be compromised.
- www.mypowercompany.com PB&J2eatpower
When PIN numbers are needed, don’t use the most common PINs, for example: 1234, or all repeating numbers: 1111, 7777, 5555. Banking industry studies have shown that the top 10 most commonly used PINs account for over 25% of PINs used. If a criminal tries the top 10 of the most frequently used PINs, they have over a 25% chance of gaining access.
Always Log Out of Your Account When You Are Done
Closing the browser window doesn't log you out. Think of it as a telephone conversation: if you walk away from your telephone without hanging up, anyone could pick up your telephone and continue the conversation. Logging out is like hanging up.
To protect yourself even further, learn how to delete your browser history and cookies for whatever browser you use. Browsers keep a history of what you do while you are online. If you use a public computer, you don't want to leave behind information about yourself that someone else could access.
Do Not Send Money Outside of Your Normal Payment Method
Criminals attempting to scam people out of their money might contact them with a great offer in exchange for an upfront payment made via a specific payment method (usually money order through a service such as Green Dot or Western Union).
Any offer that requires you to pay outside of your normal payment method is most likely a scam. DISH customers pay for their service on a monthly basis, and there are no offers that require paying for 6 months or a year in advance. Additionally, DISH will never require that you use one particular payment method. We accept a wide variety of payment methods, including credit card, debit card, electronic funds transfer, check by mail, and money order.
If you receive a call about an offer that sounds too good to be true, hang up and call back on DISH's main phone number: 800-333-DISH (800-333-3474).
Verify the Return Address Before Responding to Emails
The return email address on an email can be spoofed (made to appear as if it came from DISH when it did not). The name that appears as the return address might not be where the email came from, and it might not be where a return email will go if you respond.
Emails from DISH will almost always come from email@example.com, and replies will go to firstname.lastname@example.org. If you receive an email from a different email address, do not respond to it.
If you respond to a valid email from DISH, be aware that the information in the email is not protected. Unless you know for sure that your email is setup to be encrypted, don't send any personally-identifiable information in an email.
Know How to Recognize Phishing and Social Engineering
Phishing (pronounced "fishing") is a term used to describe the process of gathering information. Any additional information that a criminal collects about someone is a successful phishing attempt.
For example, a criminal phishing for information could send out several thousand emails to random email addresses. The email might state that immediate action is required to prevent their DISH installation from being cancelled. Someone might then respond to that email and say that they don't have an installation scheduled.
By responding to the email, that person has let the criminals know that their email address is valid. They have also potentially provided the criminals with additional information, such as their full name and whether or not they are a DISH customer. The criminals can use this information to continue phishing for even more information or to pass themselves off as the customer to DISH or another company.
Social engineering is also used to describe attempts to gather information, but it involves playing on human emotions to do so. Social engineers will usually pass themselves off as someone who needs help or who is trying to help you. They may know the amount you pay for DISH service, where you work, if you have kids, etc. They will use this information to get you to believe their story. They may also exhibit one of more of the following traits:
- Rapport: The caller is polite and attempts to talk about common experiences. Human nature tells us that nice people aren't crooks.
- Humanitarianism: The caller tries to draw upon your good nature of wanting to help someone else or a family member. It's in our nature to care.
- Repetition: The caller repeats the same information over and over but words it slightly differently each time. Things we hear over and over tend to sink in.
- Urgency: The caller insists on immediate action. A sense of urgency in someone else's voice tends to get the average person's adrenaline going.
- Authority: The caller tries to make you believe they are a person of authority. We are taught growing up to believe and respect authority figures.
If you receive a suspicious call, hang up and call back on DISH's main phone number: 800-333-DISH (800-333-3474).
Check Hyperlinks Before You Click
Hyperlinks, which typically appear as blue underlined words, are normally used to carry you to another website. However, they can take you to somewhere other than that what link actually says.
In Internet Explorer, Chrome and Firefox, you can hover your mouse over a hyperlink to display the underlying link in the lower left corner of the browser window. If the underlying link does not match where you are expecting to go, do not click on it.
Report Fraud if it Happens to You
Reporting fraud or fraud attempts helps law enforcement understand the scope of the problem. If everyone reports it, law enforcement has more investigative leads and prosecutors have more of a reason to pursue it. Even if your local law enforcement agency doesn't have the resources to investigate it, you can still report it using one of the links below.
Federal Bureau of Investigation
Federal Trade Commission
International Consumer Protection and Enforcement Network
If you're a victim of fraud where someone else has your personal information, you should also contact the credit reporting bureaus to help prevent someone else from opening up loans or bank accounts in your name.