Recent Phishing and Email Scams: What can you do about them?
Phishing scams–there is a new one every day; these official-looking emails show up unsolicited in inboxes around the world. These bogus emails are designed to steal login credentials or other vital information. Financial companies caught hacker’s attention early, with many banks and payment processor, PayPal, among some of hacker’s earliest victims. Phishing schemes continue today, but luckily there are some things you can do to protect yourself.
Latest phishing scams noted
Here a few recent phishing scams that have popped up:
- Washington State University Computing & Information Technology—With a subject line of “urgent notice,” this email tells the recipient that their password for the University’s systems is ready to expire, and includes a live, clickable link (this should always be a red flag in an unsolicited email!) to reset their password.
- Virginia Commonwealth University—Eerily similar to the WSU phishing scam, the hackers behind this left some common clues that are good warnings not to click anything or respond in any way. It used generic terms (no personalization with a name as VCU does as a matter of practice) and awkward grammar and phrasing.
- LinkedIn—This is likely the most well-known of the scams lately. Following a hacker attack that resulted in millions of LinkedIn account credentials being published on a Russian website, users are receiving emails purportedly from LinkedIn and encourage users to click URLs supposedly linked to the latest news trends.
- Internal Revenue Service—Even the IRS is not immune to phishing scams. Their website detailed recent bogus emails with a “penalty” subject line warning recipients they would be penalized $10,000 for failing to file a return on time, complete with a false deadline and bogus Section 6038. It directs taxpayers to a phony site that appears authentic. Be aware that the IRS does not email or use social media tools to keep in touch!
- ING.com — The Dutch bank ING has been used in a Phishing attack recently, scammers have spammed out emails asking ING customers to log in through a link in emails to update their user details. This resulted in quite a lot of Twitter activity where ING security officials were answering questions and reassuring users.
- The DVLA — Fake emails purporting to be from the DVLA has urged motorists to update their information on a fake website, asking for both names, addresses, driving license details along with credit card details.
- Booking.com — Fake emails have been sent out asking people to click links containing malicious code to verify their hotel booking.
How can you protect yourself and your computer?
Hackers, scammers and criminals are working overtime to compromise data and login credentials—so how can you protect yourself?
- Do not click any links in unsolicited mail, ever. In fact, why open unrecognizable email? If you do open a suspicious email accidentally, immediately close it, close your email program, and log out of your browser for protection.
- Log into the account that the phishing email purported to be from and confirm there is no problem.
- Report suspicious emails. If you get email with broken English and misspellings, it probably did not come from your bank: let the company know so they can check into it.
- Many email programs today offer limited protection from spam and phishing scams, though some are better than others.
- Additionally, some of the latest browsers have built in spam and phishing filters.
For an extra layer of protection, consider adding an email filtering solution designed to catch those “phish!”
If you do, you will be able to send and receive with a little more peace of mind.
See our paper on Cloud Based Email security!
The Omniquad Team