Email phishing scams are getting more sophisticated every day, using familiar sender names and other information to lower their targets’ defenses and make them more likely to become victims. It may seem like we’ve seen it all, and then — bam! — we’re hit with a sneaky new tactic or a complicated computer virus. How can we keep our computers, networks, and personal identities safe online? By remaining vigilant — think before you click! Following are four ways internet scammers are trying to get into our systems and ways to protect your organization and yourself.
SCAM WITH A FAMILIAR NAME THROUGH EMAIL Phishers and hackers have become a lot better at copying email addresses and sending them in a way that makes them look legitimate. A familiar scam that’s been circulating lately is an email that looks like it’s from someone you know. Typically, it’s a hastily written request for the recipient to purchase gift cards.
Usually, this fake person will ask you to pick up some Google Play or iTunes gift cards in various denominations, take pictures of the back with the PIN numbers scratched off, and have them email the information back to him. Unfortunately, this is a common scam that a lot of people fall for. Once those numbers are revealed and sent, funds can be depleted within a matter of minutes. Even if you were to discover the scam within a short period of time, gift cards are typically non-returnable … and can be used by anyone with the PIN. Scammers do a lot to find personal contact information, and this includes searching through websites and online communications, such as newsletters, to find what they need. In an effort to reduce the chance of receiving fake requests, some senior centers have gone so far as to keep all email addresses off their online newsletters (the printed newsletters still have them), as well as resorting to using an online form for communication requests. While this doesn’t eliminate the problem completely, it does make it harder for phishing scammers to contact unsuspecting people.
PAYROLL SCAMS VIA EMAIL Payroll scams through email are especially popular today. Using a familiar name but fake email address, the fraudster will ask someone in the office for their direct deposit paycheck to be sent to a new bank account and routing number, which is all supplied through email. However, you guessed it: it’s a scam. You should never accept vital information sent through email, no matter how authentic it might appear. Always request a voided check and verify with each employee any changes to a paycheck, checking account, or financial institution. All it takes is a quick phone call or a stop at their desk to verify whether this is a true request.
PHISHING ATTEMPT VIA TEXT MESSAGING Imagine that you just received a notification on your phone that “you’ve got mail.” Checking your email on the fly, you see a communication from the senior center director, asking for a huge favor. They ask for your phone number so they can text you, and you send it. Minutes later, you receive a text message. “I’m in a meeting and can’t talk,” it reads. “I need you to stop at the nearest gas station. It’s important.” Congratulations — you’ve been phished. Falling for this type of scam is even easier if you use your phone to check email, because it doesn’t automatically show the email address it’s sending from, just the name, which is easy to customize. If you were to have followed instructions, you’d have ended up purchasing gift cards, and then asked to scratch off the back so you could send the details via text.
PHISHING ATTEMPT VIA ACCOUNT VERIFICATION It’s normal for people to send files back and forth through email. However, rarely, if ever, do these files require you to enter personal information in order to open them. A trending phishing scam is an email sent to a person with a PDF document attached. Using a simple message that conveys that this is an urgent request, someone clicks the link and is then prompted to enter their Adobe login/password to open the document. Unfortunately, you’ve been phished, and your personal information is now at risk.
If you’re like most people, you have a password that you use for multiple accounts. So if a hacker is able to access even one password for one account, it won’t take long until they start finding more of your accounts to try that same password. In addition to not falling for this particular phishing scam, you should also be sure to use multiple passwords for various accounts and update them often. You should also consider a secure password manager, like 1Password.com or lastpass.com, which holds all of your logins and passwords in one secure spot, but also suggests better passwords and remembers them for when you need them. No need for post-it notes under your keyboard, multiple passwords that get forgotten, or a chance of one being guessed by a hacker. Every day, you hear of a new internet scam. The best way to not fall for these scams is to remain vigilant, always verify, and always think before you click. For more ways to protect yourself, visit the Federal Trade Commission’s Consumer Information website for some great tips at consumer.ftc.gov.