Increased scam and phishing activity during the epidemic

Hello,

I noticed that scam attacks have increased significantly in these hard times, so I prepared a short note to help you discover those emails and protect yourselves.

To start, here are a few absolute rules:

  1. Never open attachments in an email from an unknown source.
  2. Never click on a link/button in an email from an unknown source.
  3. If it’s an email from a known source, never open attachments that contain an executable file, i.e. have an extension .exe, .vb, .php, .html, etc.

There are a few very simple methods to detect a suspicious email.

  1. Sender email
    1. In an email you see a display name, not an actual email address. That’s why it may look legitimate.
    2. Hover over the sender email address or click on it to reveal the real address. If the domain of the address has nothing to do with the email, delete the email immediately.
    3. Example and exercise: you may receive an email from support.paypal.com. Hover over this address to see the real address. If you can see the real address, you passed.
  2. Links and buttons
    1. Same as above. The link you see is a display name. Hover over the link or button to see the real link.
    2. Example and exercise: you may receive an email with a button asking you to reset your password: "Reset your password". Hover over this address to see the real address. If you can see the real address, you passed.
  3. Weird subject
    1. If you see a subject that has strange symbols, spaces or upper case, it’s guaranteed that the email is not legitimate. Examples:
    2. A m a z o n
    3. Ŧ-mobile
  4. Spelling and grammar errors
    1. Legitimate companies don’t do that. It’s most likely an Asian or Russian hacker using an automated translator.
  5. An offer too good to be true
    1. I am sure you have heard of the Nigerian Scam: a lottery winning, an inheritance, etc. There are similar scams on a much smaller scale, usually designed to lure seniors with too-good-to-be-true reverse mortgage, loan, insurance and similar deals.
  6. Unlock account, reset password and similar
    1. Legitimate businesses, banks, utilities, brokers and insurance companies never ask you to unlock an account online. If you see something like this that looks legitimate and uses your personal data, never click on any links. If you suspect something:
      1. Open your browser
      2. Enter the address of the company. Always use https://, never http://
      3. When the page opens, check the padlock icon next to the address
      4. The padlock means that the site uses a certificate to prove its identity.
      5. Click on the padlock to verify that the certificate was issued by a Trusted Authority
      6. Only after you have verified that the site is safe, go to the message board to verify that there’s a message.
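
The first three checks above (real sender address, real link target, disguised subject) can also be run automatically. The Python below is an added example, not part of the original note; the brand watch list, the lookalike map, the two-label domain comparison and the sample message are assumptions constructed for illustration.

```python
import re
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

DOMAIN = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)
BRANDS = ("amazon", "t-mobile", "paypal")  # assumed watch list (names from the note)
# Tiny constructed lookalike map: t-with-stroke, Cyrillic a, Cyrillic o.
LOOKALIKES = str.maketrans({"\u0167": "t", "\u0430": "a", "\u043e": "o"})

def base(host):
    # Naive "registered domain": last two labels (assumption, no Public Suffix List).
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

class Links(HTMLParser):
    """Collects (visible text, href) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def check_email(from_header, subject, html_body):
    findings = []
    name, addr = parseaddr(from_header)      # display name vs. real address
    real = base(addr.rpartition("@")[2])
    for shown in DOMAIN.findall(name):
        if base(shown) != real:
            findings.append(f"sender shows {shown} but real address is {addr}")
    parser = Links()
    parser.feed(html_body)
    for text, href in parser.links:          # visible link text vs. real target
        host = urlparse(href).hostname or ""
        for shown in DOMAIN.findall(text):
            if base(shown) != base(host):
                findings.append(f"link shows {shown} but goes to {host}")
    # Subject: undo spacing and lookalike letters, then look for a brand name
    # that is not spelled plainly in the original subject.
    folded = re.sub(r"\s+", "", subject.lower().translate(LOOKALIKES))
    for brand in BRANDS:
        if brand in folded and brand not in subject.lower():
            findings.append(f"subject disguises the name {brand}")
    return findings
```

The subject check is a heuristic and can misfire on ordinary text that happens to contain a watched name once spaces are removed, so treat a finding as a reason to look closer rather than as proof.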

Take time to study phishing scams. Here is a good source: https://www.phishing.org/phishing-examples

PS: use the tips above before you click on this link.

Bohdan Raciborski
Senior VP
Polish Home Association