New Scams July 2019

2 Jul 2019

 

Government Imposter Scams

We have all received calls or emails purporting to be from a government agency such as the Social Security Administration, IRS, FBI, or Medicare, demanding immediate attention and often requiring a payment. These scams use the threat of government to set up a sense of urgency and fear to get you to fall into their trap.

 

What should you do?

  • Remember that government agencies don’t call people out of the blue with threats or promises of money.

  • Don’t trust caller ID; the number can be spoofed.

  • Check with the real agency.

  • Never pay with a gift card or wire transfer.

  • Report government imposter scams at ftc.gov/complaint

 

Learn more about imposter scams at https://www.consumer.ftc.gov/features/feature-0037-imposter-scams

And https://www.consumer.ftc.gov/blog/2019/07/whos-pretending-be-government-now

 

Evaluating phishing or imposter emails

Here is a checklist to help you evaluate emails.

 

1. Context – Think about the context of the email and evaluate the likelihood that this person or organization would be contacting you for the purpose described in the email.  This is often easy when the email comes from an organization or person you have not done business with.

 

  • Would this person/company be contacting me?

  • Do I have business with them?

  • Do I use this email with this organization/person? 

 

2. Call for Action – Is the email asking you to act on something in the email, like click a link, open a file, or call a number in the email?  If it does not, then it is most likely not phishing.  Remember that marketers will do the same thing: ask you to buy now or hurry while supplies last.  Better safe than sorry; don’t take the action requested.

 

  • What is the email asking me to do?

  • What are they asking you to do?

  • Is it a reasonable request?

 

3. Fear and Urgency – Does the email use fear or urgency to try to get you to take one of the actions listed above?  The email may also make a plea for support, usually tied to one of the most recent disasters.

 

  • Does the email appeal to fear?

  • Does the email appeal for urgency?

  • Does the email plead for compassion?

  • Does the email claim an authority?

 

4. Selling – SPAM is not phishing, so if the email wants you to buy something it is probably spam.  You can safely report these emails as SPAM, ignore them, or delete them. They may have a call to action and even use urgency, like time is running out for this great deal.

 

  • Is the email selling something? 

 

5. Email address – Is the email address actually one from that person or company?  This one is harder to see, and you need to determine the domain name in the email address. Help@company.com is not the same as Help@Company.net. Everything after the @ sign is the domain, and you can determine if that is the organization's real domain. This is not 100% foolproof.

 

  • What is the email domain, and does it belong to that organization or person?

 

Safe example emails

help@apple.com

help@support.apple.com

 

Suspect example emails

help@apple.net

help@comcast.net

help@app1e.com

help@supportapple.com

help@support-apple.com

help@apple.support.com
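The domain comparison from item 5, applied to the sample addresses above, as an added example that is not part of the original post. The allow-list TRUSTED and the character-swap table SWAPS are assumptions made for illustration.

```python
# Added example, not from the original post. TRUSTED is a constructed
# allow-list; "apple.com" comes from the page's own sample addresses.
TRUSTED = {"apple.com"}

# Digit-for-letter swaps seen in lookalike domains (illustrative, not exhaustive).
SWAPS = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s"})


def sender_domain(address):
    """Return everything after the last @, lower-cased."""
    local, at, domain = address.strip().rpartition("@")
    if not at or not local or not domain:
        raise ValueError(f"not an email address: {address!r}")
    return domain.lower().rstrip(".")


def is_under(domain, trusted):
    """True for the trusted domain itself or a real subdomain of it."""
    return domain == trusted or domain.endswith("." + trusted)


def classify(address, trusted_domains=TRUSTED):
    domain = sender_domain(address)
    if any(is_under(domain, t) for t in trusted_domains):
        return "matches"
    # Undo common character swaps and compare again (app1e.com -> apple.com).
    if any(is_under(domain.translate(SWAPS), t) for t in trusted_domains):
        return "lookalike"
    # The brand name sits inside some other domain (support-apple.com,
    # apple.support.com, apple.net): the name is there, the domain is not theirs.
    brands = {t.split(".")[0] for t in trusted_domains}
    if any(b in label for b in brands for label in domain.split(".")):
        return "brand in another domain"
    return "unrelated"


if __name__ == "__main__":
    # The sample addresses listed on this page.
    for addr in ["help@apple.com", "help@support.apple.com", "help@apple.net",
                 "help@comcast.net", "help@app1e.com", "help@supportapple.com",
                 "help@support-apple.com", "help@apple.support.com"]:
        print(f"{addr:28} {classify(addr)}")
```

A "matches" result only describes the address the message displays; as noted above, this check is not foolproof.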

 

6. Links in the email – Hover over the links in the email. What domain do they go to, and does it belong to the sender?  If the email says company.com and you hover over it and it says anything different, then treat it with extreme caution. You can always open a browser, type in company.com, log in, and see if there are any alerts.

 

  • Are there links in the email?

  • Do the links go to the correct address?

 

Some advanced email protection services will change the URL as a way to protect you.  Here is one from Mimecast https://protect-us.mimecast.com/...

 

Some marketers switch out the URL as a means to track clicks.

 

When in doubt, don't click.

 

7. Reach out – Contact the person or company that the email claims to be from and see if they sent it.  Look up the contact information yourself; don’t use the contact information in the email.  In this case, look up the customer service number, call, and ask them.  Or log into your account to verify without using any links or information in the email.

 

  • Can you contact the person without using any contact information that is provided in the email?

  • Should I authenticate this email or request?  (Confirm the identity of the sender.)

 

No checklist is going to be perfect; however, this is a good place to start.
