Email phishing scams are getting more sophisticated every day, using familiar sender names and other information to lower their targets’ defenses and make them more likely to become victims. It may seem like we’ve seen it all, and then — bam! — we’re hit with a sneaky new tactic or a complicated computer virus. How can we keep our computers, networks, and personal identities safe online? By remaining vigilant — think before you click!
Following are four ways internet scammers try to get into our systems, along with ways to protect your organization and yourself.
Scam with a Familiar Name through Email
Phishers and hackers have become a lot better at copying email addresses and sending messages that look legitimate. A familiar scam that’s been circulating lately is an email that looks like it’s from your parish priest. Typically, it’s a hastily written request for the recipient to purchase gift cards for sick hospital patients he is “visiting” or for a parish event like an upcoming auction.
Usually, “Fr. Bob” will ask the person to pick up some Google Play or iTunes gift cards in various denominations, take pictures of the back with the coating scratched off to reveal the PINs, and email the information back to him. Unfortunately, this is a common scam that a lot of people fall for. Once those numbers are revealed and sent, funds can be depleted within a matter of minutes. Even if you were to discover the scam within a short period of time, gift cards are typically non-returnable … and can be used by anyone with the PIN.
Scammers do a lot to find personal contact information, and this includes searching through parish websites and online communications such as bulletins to find what they need. In an effort to reduce the chance of receiving fake requests, some parishes have gone so far as to keep all parish email addresses off their online bulletin (the printed bulletin still has them), as well as resorting to using an online form for parish communication requests. While this doesn’t eliminate the problem completely, it does make it harder for phishing scammers to contact unsuspecting people.
Payroll Scams via Email
Payroll scams through email are especially popular today. Using a familiar name but fake email address, the fraudster will ask someone in the finance department for their direct deposit paycheck to be sent to a new bank account and routing number, which is all supplied through email. However, you guessed it: it’s a scam.
You should never accept vital information sent through email, no matter how authentic it might appear. Always request a voided check and verify with each parish employee any changes to a paycheck, checking account, or financial institution. All it takes is a quick phone call or a stop at their desk to verify whether this is a true request.
Phishing Attempt via Text Messaging
Imagine that you just received a notification on your phone that “you’ve got mail.” Checking your email on the fly, you see a communication from your pastor, asking for a huge favor. They ask for your phone number so they can text you, and you send it. Minutes later, you receive a text message. “I’m in a meeting and can’t talk,” it reads. “I need you to stop at the nearest gas station. It’s important.” Congratulations — you’ve been phished.
Falling for this type of scam is even easier if you use your phone to check email, because the phone doesn’t automatically show the address the message was sent from, just the name, which is easy to customize. And if your boss or pastor is a fast-paced kind of person, a random email from them isn’t that unusual. But even so, if you had followed the instructions, you’d have ended up purchasing gift cards and then been asked to scratch off the back so you could send the details via text.
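The payroll and text-message scams above both rely on a familiar display name paired with an unfamiliar address. The following check is an added example, not part of the original article: it flags a From header whose name matches a staff member but whose address is not the one on file. The staff names, addresses and domains are constructed for illustration.

```python
import re
from email.utils import parseaddr

# Constructed staff directory: normalized name -> address on file (hypothetical).
STAFF = {
    "bob smith": "frbob@stmary-parish.example",
    "ann jones": "ajones@stmary-parish.example",
}

# Titles stripped before comparing names, so "Fr. Bob" matches "Bob Smith".
TITLES = {"fr", "father", "rev", "reverend", "msgr", "deacon", "sr", "sister"}


def normalize_name(display_name):
    """Lowercase, drop punctuation and titles, collapse whitespace."""
    words = re.findall(r"[a-z]+", display_name.lower())
    return " ".join(w for w in words if w not in TITLES)


def check_sender(from_header, staff=STAFF):
    """Return 'known', 'impersonation' or 'unverified' for a From header."""
    display_name, address = parseaddr(from_header)
    if address.lower() in staff.values():
        return "known"
    name = normalize_name(display_name)
    # Match the full name, or the first name alone ("Fr. Bob").
    for staff_name in staff:
        if name and name in (staff_name, staff_name.split()[0]):
            return "impersonation"
    return "unverified"


def flag_impersonations(from_headers, staff=STAFF):
    """Return only the headers that borrow a staff name on a foreign address."""
    return [h for h in from_headers if check_sender(h, staff) == "impersonation"]


# Constructed sample headers.
SAMPLES = [
    '"Fr. Bob Smith" <frbob@stmary-parish.example>',
    '"Fr. Bob" <frbob.stmary@freemail.example>',
    '"Ann Jones" <payroll-update@mail.example>',
    '"Parish Newsletter" <news@diocese.example>',
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(check_sender(header), header)
```

A message marked "impersonation" is the one to verify by phone or in person before acting on it; "unverified" only means the sender is not in the directory.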
Phishing Attempt via Account Verification
It’s normal for employees, parish staff, and other organizations to send files back and forth through email. However, rarely, if ever, do these files require you to enter personal information in order to open them. A trending phishing scam is an email with a PDF document attached. The short message conveys that this is an urgent request; the recipient clicks the link and is then prompted to enter their Adobe login/password to open the document. Unfortunately, at that point you’ve been phished, and your personal information is now at risk.
If you’re like most people, you have a password that you use for multiple accounts. So if a hacker is able to guess even one password for one account, it won’t take long until they start finding more of your accounts and trying that same password. In addition to not falling for this particular phishing scam, you should also be sure to use multiple passwords for various accounts and update them often. You should also consider a secure password manager, like 1Password.com or lastpass.com, which holds all of your logins and passwords in one secure spot, suggests better passwords, and remembers them for when you need them. No need for post-it notes under your keyboard, multiple passwords that get forgotten, or a chance of one being guessed by a hacker.
Every day, you hear of a new internet scam. The best way to not fall for these scams is to remain vigilant, always verify, and always think before you click. For more ways to protect yourself, visit the Federal Trade Commission’s Consumer Information website for some great tips.