I last wrote about what to watch out for and how to identify a phish in 2022, but the bad guys have not been resting on past accomplishments. In the past two years, new schemes and scams have surfaced and it’s important to be aware of them going forward.
The standard schemes are still around. An email purports to be your bank or your employer, wants you to sign into “verify” credentials, and then steals those credentials. As more people become savvy to these frauds, though, newer frauds are being hatched.
The first is the “invoice” scam. Here you get an email supposedly from a vendor such as Symantec, McAfee or the Geek Squad saying “Thank you for your order” with a random dollar amount shown. Usually there’s an 800 number to call if you have questions. Should you call that number, you will be connected to the scammer. They will ask for your credit card number so they can “credit” the erroneous amount. But what they really do, of course, is take over your credit card account.
Next up in the malware arsenal is the gift card scam. With this one, you get an email from somebody that resembles someone you may have done business with or know. They ask you for a favor as they are busy at the moment. Can you go purchase some Amazon gift cards, iTunes gift cards or the like? Scratch off the numbers and send those revealed numbers to them. They promise to reimburse you. No points awarded for guessing what part of this process doesn’t happen. This type of fraud also happens frequently in a text message.
Slightly less common, but more damaging is the rerouted business email. Here the scammer inserts their email into a legitimate business transaction, masquerading as coming from a vendor you work with and pay electronically. The malefactors ask you to send money to a different account, other than the one you normally use when dealing with them. There’s usually some verbiage about changing their business relationship. They then abscond with the transferred money and vanish.
A new variation on the phishing front is the message with a subject like “We’ve Received Your Cancellation Request.” When you open the message, there is a link to go to “to cancel this request.” If you click that link, and enter your user ID and password, the scammers will then take over that account. If it’s your email, they can then change the password and lock you out, send out spam in your name, etc. If it’s a bank account, they can then get access to your finances. No institution or Internet Service Provider or email host is going to cancel your account via an email message. All such emails are bogus, and you should delete them.
If you receive a text, phone call, voicemail or email that you aren’t sure is legitimate, the best course of action is to delete it. Don’t respond. If it is legitimate, the sender will try again or use another way to reach you.
