TDS is receiving reports of a new round of phishing emails hitting inboxes, which means it’s time to brush up on your phishing-spotting skills.
Phishing attempts typically try to scare you into clicking on links and/or opening a Google form and providing information. Remember: any company you do business with should already have the information being requested. And, when in doubt, contact the company directly rather than using links or information included in an email (get a refresher on five ways to spot a phishing scam).
If you’ve ever wondered how scammers even get your email address in the first place, here are some of the ways they do it (according to Microsoft, The Balance Everyday, and others):
- They use web crawlers that look for the @ symbol. Scammers have developed sophisticated automated tools that search the internet and gather email addresses. Addresses can be found in insecure files, blog comments, winner lists, or even on social media profiles.
- They guess. Scammers will gather lists of common names and words, combine them with popular email address services/internet service providers, and just try them to see if they work. Again, scammers are using tools to do this by the thousands.
- They buy lists. Read the privacy policy on any website before handing over your email—the company may be able to legally sell your information, including your email address. On the dark web, there are also illegal lists available to purchase.
- Hacking. Cybercriminals are not above hacking into databases to get email addresses. They can use them, or they can sell what they find—or both.
- Fake websites. Fake sweepstakes are a classic method for getting people to readily give away their information. Always double-check that an offer is legitimate by checking out the company tied to it, and looking out for misspellings, bad grammar, and vague details.
One thing is for sure, phishing isn’t going away any time soon—not as long as people continue to fall for these scams. In the meantime, stay on your toes, and be sure to refresh your memory about how to spot a phishing scam (with real-life examples of attempts our customers have received!).
If you receive a phishing email, the Federal Trade Commission says you can report it at ReportFraud.ftc.gov and forward it to the Anti-Phishing Working Group at reportphishing@apwg.org. (If scammers contact you by text message or phone, report that, too.)
P.S. If you’re wondering if an email request for information is real, contact the business that “sent” it—but don’t use any links or phone numbers provided. Instead, look up their website yourself and/or give them a call (you should look that info up yourself, too). It’s the safest way to confirm whether the request in your inbox is for real.
I received an email that made it look like it came from PayPal and it said that I had purchased an item for 999.00 dollars from a company that sells guns and they gave a phone number to call. The person on the other end called himself Ben Johnson. The problem was that Ben had a distinctive Indian accent which I recognized from my Indian friends. I asked him how an Indian had a name that was not appropriate and he began to stutter and stammer. I then called PayPal directly and reported it. They gave me a number to use to report the scam.