Here’s what happened …
A county employee received a sequence of emails from someone claiming to be an accountant with D&W Contractors, Inc., a contractor making repairs and cleaning up in the aftermath of Hurricane Harvey. The bogus emails requested payment into a new bank account for the work that had been carried out.
On October 12, a transfer of $880,000 was made, and it wasn’t until the next day that Harris County was informed that the account did not actually belong to the contractor. Fortunately, the money was recovered. An investigation has been launched to determine who is responsible.
Did you know?
- 90–95% of all successful cyber attacks around the world begin with a phishing email
- No matter how effective your spam filter is, a spoofed email could bypass it, making your organization’s staff the last line of defense against fraud
What is Phishing?
phish·ing /fiSHiNG/: The fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.
Here are 5 common Phishing Examples and how to Recognize Them:
1. Deactivation Scares
This lure often works because no one wants their account deactivated.
1. Don’t click on any links in the email
2. Ask yourself, “Do I actually have an account with this organization?”
– If NO – delete the email and go about your day
– If YES – proceed to step 3
3. Instead of clicking on a link in the email, type the URL of the service in question directly into your browser, just as you would when visiting the site at any other time. If the URL you normally use to access the service matches the URL(s) in the email, then it may be legit.
Still, NEVER trust links in a questionable email. Always log in to the site by going directly to it in your web browser. Once you’ve logged in, you will easily be able to tell if your account is indeed in jeopardy of being deactivated.
2. Look-alike Websites
Spammers are getting more and more clever. It’s becoming increasingly difficult to tell the difference between a phishing website/email and a real website.
Always inspect the link the email is asking you to click on to make sure it’s legit.
Better yet – NEVER click on a questionable link in an email. Instead, go directly to the legitimate website.
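The link check described in the two sections above can also be run by a mail filter or an awareness-training tool. The following is an added example, not part of the original article: it reads the real destination host of each link in an HTML email and compares it with the site the reader normally uses. `bank.example`, the other hostnames and the function names are constructed placeholders.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit
DOMAIN_IN_TEXT = re.compile(r"(?:https?://)?[a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,}", re.I)

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> in an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    # .hostname drops any "user@" prefix and the port, and lowercases the name
    return urlsplit(url if "//" in url else "//" + url).hostname or ""

def inspect_links(html, known_host):
    """Return (href, real_host, reasons) per web link; empty reasons = matches known_host."""
    parser, report = LinkCollector(), []
    parser.feed(html)
    for href, text in parser.links:
        if not href.lower().startswith(("http://", "https://")):
            continue  # mailto:, tel: and page anchors are out of scope here
        real, reasons = host_of(href), []
        if real != known_host and not real.endswith("." + known_host):
            reasons.append("destination is not the site you normally use")
        shown = DOMAIN_IN_TEXT.search(text)
        if shown and host_of(shown.group(0)) != real:
            reasons.append("link text shows a different address than the destination")
        report.append((href, real, reasons))
    return report

# Constructed sample email body; every hostname here is a placeholder.
SAMPLE_EMAIL = """
<a href="https://bank.example/account">Account settings</a>
<a href="https://bank.example.account-verify.example/login">https://bank.example/login</a>
<a href="http://bank.example@login.example.net/reactivate">Reactivate now</a>
"""
if __name__ == "__main__":
    for href, real, reasons in inspect_links(SAMPLE_EMAIL, "bank.example"):
        print(real, "->", "; ".join(reasons) or "matches the known site")
```

The second and third sample links both contain the familiar name, yet neither leads to it: the host a browser actually visits is whatever follows any `@` and ends at the first `/`.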
3. Nigerian Scams
Officially known as “advance-fee fraud”, this phishing attempt got its name decades ago because Nigerian fraudsters seem to attempt it far more often than fraudsters from any other country. We’ve all seen them. The bad grammar and outrageous scenarios are laughable! You’ve probably even thought to yourself, “Who in their right mind would ever fall for something like this?” Surprisingly, those elements are an intentional filter. Nigerian scammers send out millions of fraudulent emails a day, and most of them are blocked and dumped by email users or their security software.
But this phishing scam is NOT trying to catch the “average” user. This lure is intentionally targeting more susceptible victims. Some people are not deterred by the silliness and grammatical errors and that’s who these phishermen are trying to hook.
Don’t judge too quickly. Falling prey to these types of phishing attempts has little to do with intelligence. Victims of these types of scams include Nobel Prize winners, CFOs, doctors, engineers and others across the entire spectrum of human intellect and socioeconomic groups.
If it’s too good to be true (and FREE money is) then it’s fake.
4. Go Directly to Jail
Don’t let phishers use your guilty conscience to scare you into doing something that your gut tells you is wrong. People sometimes feel guilty even if they haven’t ever done anything illegal. Just the threat of going to jail can cause otherwise rational people to act immediately and foolishly.
Fake threats from the FBI, Police and IRS are very successful, both online and over the phone. They are also very EASY to avoid.
The IRS & FBI will never contact you via email or phone about going to jail. They will always send you a letter through the USPS as a first means of contact.
Also, be calm and examine the warning in the email. Most likely there are no real details about the alleged illegal activity. It’s fake!
Don’t worry. If the FBI or IRS want to talk to you they’ll either send you a letter or show up at your door. 🙂
5. Tech Support Scams
This is one we see all the time. You either stumble upon them on the web or, in many cases, they actually call you and claim to be from Microsoft or some other well-known company. If you end up on the phone with one of these scammers, they will act like a “technician” and ask you to grant them access to your PC so they can install “troubleshooting software”. Of course, their software will find all kinds of malware and misconfigured files, and they will sell you a program to “clean up” the problem.
But the REAL problem is now a Scammer has your credit card info and you’re about to get stuck holding the bill for his next shopping spree. Not to mention he also has access to your PC and all the information you have stored on it. Not good!
Only work with knowledgeable IT professionals that you can trust. Like Alexaur Technology Services, Inc. Call us first before you let anyone onto your PC that you don’t know.
Or look up the phone number of the legitimate company they claim to be representing and call it to confirm.
Click the following link for even more real-world Phishing examples like:
- SEO Trojans
- Craigslist Money Scams
- Save a Friend
- Wire Transfer Scams
- Work Mules
- Phone Forwarding Scams
- SMS Phishing
For more information on keeping your employees and business safe online please call us at 281-646-1200 or email us.