TDS continues to hear of instances of customers clicking on links in fraudulent e-mails. These are scams and are called “phishing” because cyber criminals try to lure you into their trap, often using a legitimate-looking emails, hoping you take the bait. Their goal? To trick you into revealing account numbers and payment information.
The REAL trick is being alert and knowing what to look for so you don’t fall for this kind of scam. Since most phishing scams have some common elements, they’re easy to spot once you know what to watch for in these emails.
Here are some real-life examples of phishing scams:
Look at the sender’s email address. Often this is your first clue something is amiss—if the address doesn’t match the business supposedly sending the email, it’s probably a scam.
Look for spelling and grammar mistakes. Frequently cybercriminals make some pretty horrible mistakes. Sure, mistakes happen even in professional communications, but they’re rare. If you notice errors, you should be on alert.
Don’t fall for threats. Watch for phrases such as “your account will be closed” or “your account has been compromised.” Odds are if either of these were true, you would be contacted in a way other than over email.
A company you do business with is asking for information. It’s easier to scam people when they think the email is from a company they already know—just remember the company probably already has (or should have) the information being requested.
Beware of links. If an email demands you click on a link for more information, don’t do it. You can use your mouse to hover over any links in an email to reveal the web address, but know this can be faked. If the address is a cryptic set of numbers, looks nothing like the web address from the supposed sender, or is actually an .exe file (which could be malicious software), it could be a fake address.
Here’s a recent example where it looks like a TDS login page at first glance, but the address shows it is clearly not.
If you’re wondering if an email is legit, contact the business who “sent” it. Look up their website yourself (don’t use any provided links), and/or give them a call (you should look that information up yourself, too).
If you find out later you were tricked, we urge you to change passwords immediately! We also have a how-to guide to help if you think you’ve been a victim of a data breach.
Finally, please remember, TDS will never contact you directly and ask you to verify any part of your account. In fact, if you want to make any changes to your account, we require you to verify that you’re authorized to do so!
Finally, with this being tax season, the IRS is providing tips on how to avoid phishing and malware scams. Even if you don’t give the information that a scam email requests, you could still put yourself at risk by clicking on links or opening attachments. Watch this important video to find out how to handle emails that say they are from the IRS — because they are not!