How to Recognize & Avoid Phishing Scams

What is Phishing?

A fraudulent attempt to get your personal information, banking details, and passwords via email, phone or texts. Cyber-criminals often pose as someone calling from your financial institution or other company.

Recent Reported Attacks

March 2020

Smishing Scams from Mobile Carriers: Do you text? Then you’ve probably already been victim to a Smishing attack. Smishing refers to text message phishing attempts unwanted texts from mysterious sources. Sometimes they are easy to spot as a scam. Unfortunately, they aren’t always so obvious. Smishing scammers are sending text messages that appear to be security alerts from your service provider. It instructs you to click on the link to verify information or your device may be compromised, or something else unwanted.

Please remember: Don’t assume that because it’s a text that it’s any safer than an email with a bad link. Follow the same precautions you would with a questionable email. Login through a browser, not by following a link. You can also call your service provider to see if it is something they may send out. DO NOT call a number that came through the text to validate anything. Use a trusted number off your bill or online account to contact them.

February 2020

Malicious Apps in Your App Store: App Stores are constantly scanning their apps and removing applications that contain strains of “clicker” malware that can view your sensitive data and even make in-app purchases on your behalf. It is impossible for them to remove ever hazardous app.

Please remember: Do your research before downloading any application. Beware of biased/fake/staged reviews or apps that don’t have any reviews. Avoid apps with low download numbers. Avoid apps with spelling errors in the description.

PayPal SMS Scam: PayPal is showing up in more places online and in stores. To add to their email attacks, hackers are now texting users about unusual activity detected on your account. They also attach a link in the text to take you to a site that looks similar to PayPal’s login page.

Please remember: Don’t click on links in text messages that you weren’t expecting. Report the telephone number if you have that option. You can also block these numbers via mobile antivirus software. Before downloading mobile antivirus software, do your research!

Coronavirus Attacks: With the threat of the Coronavirus all over the news, the cyber-criminals couldn’t resist jumping on that bandwagon. They are sending out fake emails posing as health officials or agencies with “important” information.

Please remember: Do not download PDF’s or other files to “learn about safety measures”. Downloading these files can infect your computer with malware.

January 2020

Windows 7 End of Life: Microsoft announced they were ending support of their Windows 7 system. This means no updates & less security. Bad guys are attacking via phone, emails, or pop-ups trying to scare you into downloads or remote access to “secure” your computer.

Please remember: Microsoft support does not call customers. Do not allow someone who contacted you remote access to your computer or credit card data. Beware of flashy pop-ups that insist you need an update.

Post-Holiday Shopping Scam: Did you do a lot of shopping online over the holidays? Many people did and earned points or store cash coupons as well. Scammers are sending emails acting as retailers claiming your points are going to expire.

Please remember: If there’s a sense of urgency, it’s probably a scam. Go through your browser to verify the information, not clicking on the link in the email.

2019

December 2019

Free Movie Download: Did you find a “free” download to a movie still in theaters? While this is called piracy and is illegal if it does even take you to a movie, any “free downloads” are likely scams!

Please remember: Don’t download questionable material! This could be illegal and cause you even more troubles. Don’t give your credit card data to any site offering “free” material. If it seems too good to be true, it probably is!

“Your Subscription Has Ended”: Most people have some form of online subscription either to a streaming service or even Amazon Prime. The bad guys are using these subscriptions as bait in new phishing attacks. The emails are urging you to click the links to login and ensure you aren’t loosing your subscription.

Please remember: If an email feels like it’s forcing you or urging you to do something immediately, it’s potentially a scam. They try to pressure you into something before you have the time to stop and think about it. If you are unsure of your subscriptions, please log into their site via your browser.

PayPal: With many people changing their shopping preferences to online, Hackers have upped their game for the holiday season. Hackers are sending phishing emails regarding logging into your PayPal account. From there, you will be redirected to a fake site where your credentials will be stolen if you try to log in.

Please remember: Always use your browser to navigate to the site. Change your password often. Search online for password/passphrase tips and recommendations for secure ideas.

November 2019

Black Friday and Cyber Monday Scams: Checking out all the deals coming up? So is everyone else, including the bad guys.

Please remember: Never click on links in emails, always use your browser to navigate to the site. Don’t open attachments with special offers, if it’s a real offer, it shouldn’t be an attachment or link. Don’t click on pop ups or ads! Never shop over public Wi-Fi! Keep a close eye on your credit card and bank accounts. If you notice anything unexpected, call your bank or credit card company. Whenever possible, use your credit card for online shopping.

Holiday Shopping and Phishing Scams: The US government released a statement warning citizens to be on the lookout for different types of holiday scams home and while abroad. The alert notes the dangers associated with online shopping. These scams could be anything from shopping deals, holiday ecards or donation campaigns.

Please remember: Never click on unexpected links. If you receive an email asking you to login to a website, don’t follow the link. Login using your normal account through your browser. We all want to help others, especially around the holidays. Before your heart has you make a bad mistake, please do your research before donating.

Year End Employee Benefits & Pay Raises as Bait: Even the bad guys know that good things pop up at the end of the year/beginning of the new year. This could include re-enrollment into benefit plans, raises, surveys. In their phishing emails, they include malicious links or attachments asking for login information.

Please remember: Always ask your HR person if you aren’t sure! Most times, you will know if you should be expecting something from that person too. Don’t just click on something because it says insurance/pay raise.

October 2019

LinkedIn Job Postings: Cyber criminals are creating attractive job postings to target people of all ages. From here, they will ask for your personal information or resume.

Please remember: Never sent personal information or your resume to an email that is unrelated to a company. Only accept LinkedIn invitations from people you know.

Yahoo Data Breach Settlement Phishing Attacks: Did you use a Yahoo email from 2012-2016? You may have gotten personal information stolen from hackers. With the class action lawsuit, Yahoo must offer two years of free credit-monitoring services or $100 to anyone who had an account stolen during this period.

Please remember: Hackers are also using this lawsuit to attempt to trick people into filling out fake claims! If your account was compromised and you want to claim your rights to this settlement, only use their official settlement site, https://yahoodatabreachsettlement.com.

September 2019

Amazon Phishing Scam in Progress: Cyber criminals are targeting Amazon customers and successfully getting account logins, personal information and sometimes even their banking information. They send phishing emails that look convincing that tell you to update your account information or your account will be deleted. Usually they insert a link or a button that says, “Update Now”. Clicking this will take you to a site they control and made to look like Amazon. Since they control it, they will be able to save anything you input into it!

Please remember: If you receive a suspicious email from an online product or service you use, don’t follow the link! Always log into your account via their website. If the email is making you feel pressured to do something, especially quickly, it’s likely fake. Delete the email, do not forward it to someone.

References: https://www.knowbe4.com/ Security Awareness Training