4 Tips For Spotting Email Scams

As technology advances, so does the deception

The pandemic has amplified the number of scams and email attacks on individuals, companies and organizations. People are already in vulnerable places emotionally, socially, physically and mentally; Covid has only intensified fright and flight instincts. We are constantly interrupted by additional stressors.

What might have easily caught your attention on an invoice, bill or receipt can now slip by when the mind is overwhelmed with the stress of daily life. The way people receive goods, bills, invoices and confirmations has changed during the pandemic.

Be proactive and take one worry off the list by preparing yourself and educating your clients, friends and family about current email scams. Here are four ways to identify obvious scams when shopping for company or personal resources.

The Sender

When opening an email, especially one that is unexpected, make sure to check the sender address. This can be the first and last stop when identifying a scam. Do you order from Amazon or Office Depot often for your business? Typically, large companies have a very streamlined and identifiable confirmation process. It might have a logo, a reprint of your order, package tracking information, etc.

Most companies send from addresses such as “confirmation@” or “receipt@”, followed by the company name. If your typical confirmation is now coming from a different sender or source, this is a red flag. Most purchases are automated; therefore, an email about a package or a confirmation that is not expected, or that is sent at strange times, is also a red flag.

Grammar

The schoolteachers’ philosophy holds true: If it isn’t written correctly, it’s not correct. Many scams originate from outside of the United States and come from people who have never spoken English, or who might have only slight knowledge of English grammar and mechanics. This lack of familiarity with the language or even cultural communication can be extremely evident from the outset of the email. Unusual forms of personal address or improper labels are a signal of deceit.

Legitimate order confirmation emails should be free of spelling and punctuation errors, or words swapped for one another such as “their” and “there.” If you find such an error, take it as a signal that this email is likely a scam.

Strange Link

Many people are already well versed in email scams that direct you to a link. Most know not to click the link. Use this same strategy when reviewing your confirmation and order. You are usually able to scan over the item or photo and it should direct you back to the home site, whether you were shopping on Home Depot, Office Depot or Amazon. If it directs you to another site, which you can confirm by hovering your mouse over the link, then it’s a scam. Contact your original purchaser immediately.

Format

Most online retailers have the shopping, shipping and receipt process dialed in. Communications are auto-formatted and the email confirmation arrives in a clear, itemized order. Often items – the exact photo of the item and its link – can be found on an email confirmation.

Order receipts or requests for further action that are formatted in a strange manner should raise your suspicion. Are they asking you for additional shipping payments? Did they add your taxes incorrectly and are trying to collect? Do not fall victim to these scams. Your receipt of purchase should be clean, neat and easy to read and reference. If something is strange, then this is an identifier of a scam. In the end, trust your instincts. If something looks off, it likely is. Don’t be afraid to back out of an email or a link that feels like it might be fake. You know when something looks and behaves unlike the norm. Trust that and help yourself and your business stay safe.

Streamline and Simplify Passwords

It’s one less stressor!

The more we use mobile technology, the more passwords we accrue. It’s not unusual for an individual to have more than 20 different sites — bank, social media, Netflix, home security — that she routinely enters. Add to this barrage of passwords the lack of cohesiveness between websites. One password might require lower and upper case and numbers and punctuation, and another asks for your childhood street address.

How does one simplify the technology puzzle and avoid getting overwhelmed by too many passwords? Here are five steps to follow to keep the letters, numbers and punctuation that make up your internet profile easier to recall and more secure.

Step 1: Use passphrases instead of passwords

Many experts suggest length is key to preventing a hack. The longer the password, the better, even upwards of 20 characters. Use a phrase that is easy to remember such as a favorite cheer for a sports team or something that is second nature in response to you. Some examples might be I-need-my-coffee-at-8AM! or GoBadgerBasketball1984.

Step 2: Use a password manager

How many of you have snapped a photo of your passwords or a photo of a driver’s license to remember information? What happens when your cell phone is gone? Can you access this information? There are hundreds of password managers that can be utilized both via desktop or laptop and smart phone. Although inputting passwords up front might take time, it’s the sense of organization that is the reward. It’s best not to use the same password for every site. It’s also nearly impossible to remember a different password for each site.

A password manager allows you to use one code to access all of your other codes. This helps secure credential storage as well. The manager can assist in synchronization across multiple devices.

Step 3: Use Two-Step Verification

This is also known as two-factor or multi-factor authentication. This means that a password and a secondary smartphone code are required for access. This might be something such as a fingerprint, face identification or other tech-savvy options. These are much more secure and nearly un-hackable. Individuals should enable this security whenever possible, especially for financial, email, and other secure and/or private accounts. This can also be enabled with a password manager.

Step 4: Do Your Research

Stay up-to-speed on current online hacks and breaches of data that have occurred. A good resource is https://haveibeenpwned.com to see if any of your online accounts have been compromised. It could be a healthy routine to visit the site once a month to check in on all online accounts and data that you want kept private.

Another easy safety device is to set up alerts on your phone or through Google, Yahoo, etc., that alert you to current scams or if any of your information has been violated. There are thousands of security breaches daily, and don’t panic if you are contacted; it does not mean your information has been compromised. Do your due diligence and determine if you need to go to your password manager to update information.

This information might seem overwhelming; however, being knowledgeable and proactive about passwords and data is crucial to a healthy cyber profile. Technology is constantly advancing. Use these nuances to your advantage. Streamline passwords and stay tech-intelligent.

Protect Your Phone From This New Type of Phishing Attack

Now is the time to educate yourself.

In the chaotic economic and physical landscape of 2020, the last thing any individual should have to contend with is being taken advantage of when vulnerable. Nonetheless, scammers are still looking for loopholes to victimize the innocent. Their newest tactic is a scam called “smishing.”

What is smishing? How does one become educated and protected, and how can you be proactive for the next scam?

Smishing is the practice of sending fraudulent text messages purporting to be from reputable companies to induce individuals to reveal personal information, such as passwords or credit card numbers. Smishing is basically a “phishing” scam involving the exchange of text messages or SMS messages.

Common platforms and applications that the hacker might use include a built-in smartphone messenger, iMessage, Facetime, Facebook messenger, WhatsApp, Slack, Skype and other face-to-face mobile vehicles.

Sadly, this is quickly becoming an increasingly popular and successful means of deception. Smishing is especially confusing as people often believe their cell phones are safe from hackers and scammers. Junk text messages were a rarity in years past. Nowadays such texts are common, and many businesses, including doctors, routinely text individuals to confirm appointments or prescription refills.

Due to the newer nature of this scam, and lack of education about its pathway from spam to private information, many consumers, especially those more at risk, such as the elderly, or those without internet access, are prime targets.

In prior years, there was a massive effort to educate the public about not clicking on random links in their email, and that became extremely successful. Nonetheless, criminals are finding a new path, and that is through the technology that is closest to them — cell phones.

Now is the time to educate yourself on how to differentiate spam and phishing text messages from important communication. When receiving a text message from an unknown source, here are four things to think about before responding:

  1. If it seems too good to be true, then it is! If you receive a generous coupon code from a place you have never heard of or an amazing incentive from a popular brand like Target, McDonald’s, Nike or others, don’t respond. Instead, check a website from the company or call the main phone number to see if the offer is legit. Don’t call a number on the text message, and never respond to an offer by texting personal information.  
  2. Time sensitivity. If you receive a text asking for personal information to fulfill a medical or business request, and they need it ASAP, it’s a scam. A reputable company, medical office or organization is going to pick up the phone and call an individual, not text.
  3. Long text messages from unknown sources, including a link, are also a good indication of smishing, or phone phishing schemes. Never click on a link from an unknown source. The link can immediately allow phishers access to confidential and valuable information from your phone. Be vigilant for text messages asking for personal information, passwords or other sensitive information.
  4. Does the text message have grammatical errors or strange sentence structure? While many people use talk-to-text, it would never be a means of communication for a business to connect with a customer. Another red flag is when the title before your name, such as Ms., Mrs., Mr., Dr., etc., is incorrect, or is used at all by a stranger. Don’t respond to these messages.

What to do once smished? Delete! And if necessary, block the sender. If you are truly questioning whether a text is legit, try logging onto the internet from a different device to do some investigative work. Bottom line: You do not want to compromise the security of your personal information to anyone via text.

It’s a New Day with “Phishing”

Are you ready?

Can you spot when you’re being phished? One of the first steps is fully understanding what phishing is. Unfortunately, it’s not as fun as heading to the stream with your waders. Phishing can take place via phone call, text, or email, but the latter is the most common place. The attacker will pose as a legitimate institution in an attempt to get secure information from their target. Some examples include those spam calls you receive from the “IRS” robot asking for your social security number.

Over email, things can get a little bit more malicious. It’s common sense to know that an unsolicited robotic voice asking for your social security number isn’t legitimate. However, what happens when you receive an email with a link that you wouldn’t usually give a second glance to? Cyber attackers rely on that lack of attention to target vulnerable users. Here are some ways to tell if the email you’ve received is a phishing email:

  • Remember that if it seems too good to be true, it probably is. Those flashy designs advertising expensive items for free could (and in all likelihood will) result in identity theft.
  • Be mindful of emails from unknown senders insisting that you act urgently. The attacker is trying to pressure you into acting without thinking.
  • Watch out for unknown hyperlinks and attachments. They’ve gained popularity over recent years. They avoid giving you all the details in the email to avoid looking immediately suspicious and urge you to click on the link for more information. Never click on a link from an unknown or untrustworthy sender.

All of that might seem like a lot, but knowing what to look out for is the first step in protecting yourself from cyber-attacks. After a while it will all become like second nature. There are also plenty of other preventative steps that you can take to ensure that you and your inbox are protected.

Spam filters can go a long way toward stopping malicious content from getting to your inbox at all, and you can update your browser’s security settings to block fraudulent websites from opening at all. Setting up two-factor authentication with your financial institutions and any website where your bank data may be stored can help protect you as well.

Jigsaw and Google have partnered to keep an up-to-date phishing quiz to see if you’re ready to identify phishing attempts that may come your way. You can take it here.

6 tips for avoiding online scams amid COVID-19

Being mindful, being aware and noting odd happenings in our digital lives can help stop these fraudulent maneuvers.

Every day, as consumers and as business people, we are confronted with obvious and often not-so-obvious attempts to steal our information, our identity and our money. Scammers have been particularly busy in recent weeks as businesses and individuals shift their activities online in response to the COVID-19 outbreak.

We are not powerless against these criminals. Being mindful, being aware and noting odd happenings in our digital lives can help stop these fraudulent maneuvers.

Here are six tips for staying safe.

1) Online purchases should be made with PayPal or with a credit card. The reason is that debit cards take the money immediately. If fraud is in progress, the delay of a credit card transaction affords the card holder a better opportunity to catch the fraud and get it corrected.

2) If it looks odd, it likely is. Sometimes, something doesn’t look or feel right. While many shoppers stick to large, legitimate shopping sites like Amazon or Barnes & Noble, shoppers also seek deals. Unfamiliar web sites or mom-and-pop sites have become adept at mimicking their supersized competitors.

See an odd “o” in Amazon that looks like a zero? Don’t buy from it. Does the eBay purchase you’re about to make have a legitimate-looking URL? Double check it. Make sure it’s not a fake or altered web site; pop around online and be sure the purchase comes from the authentic retailer.

3) Go slowly when responding to or clicking through eNewsletters. A sophisticated and effective way scammers can get buyers’ money is by building authentic looking eNewsletters that provide click-thrus for purchasing or for personal information confirmation. One real-life scenario involved a well-known university credit union that sends out eNewsletters regularly.

One day, the eNewsletter showed up in members’ inboxes. The eNewsletter asked the recipient to confirm their name, social security number, address and phone. When the recipient complied and clicked, “done,” all that information went to a database controlled by scammers. The bogus eNews was so well designed, it was virtually impossible to know it was fake.

4) Create new passwords and do it often. Create different passwords for different web sites and make a habit of changing them regularly. Make the passwords sophisticated. If eight or more characters are required for the password, you might consider taking the extra time to make a 16-character password that makes use of supported combinations and special characters (i.e., #, S, <, numbers and letters). There are apps that help keep passwords organized and stored. Use one.

5) Enable fraud protection. The good news is that when fraud is detected, reputable companies help make it right. The credit union fraud caused the card owner to incur over $500 in unauthorized charges. The card holder had all the money put back into her account. Enable fraud protection on all credit cards. Most banks that hold credit cards will work with the cardholder to identify the fraud and reimburse the charges. Fraud protection makes the correction easier to catch and quicker to remedy.

6) Beware of phone scams. Fraudsters are becoming more sophisticated every day in order to get you to hand over your personal information over the phone. This is true not only with voice calls, but with text messages, and smartphone apps as well. 

Generally speaking, if you get a request for personal information via your phone and you did not initiate the request, chances are the request is fraudulent. 

This is especially true for scam calls purportedly coming from the IRS. The IRS will always notify you by mail first if there are any issues. Then and only then will they communicate using other means to resolve the issue in question, and that is usually only when you initiate the communication with them in response to a letter you may have received.
