While catching up on emails at work, you get a message from your IT department’s helpdesk with a security warning. New updates have to be performed on the servers because a phishing scam is circulating through the network. To be protected, you only have to click on a link.
The problem is that your IT department didn’t send the message. Worse, clicking on that link will actually cause damage instead of preventing it.
As the Better Business Bureau (BBB) notes in its scam alert on this now-prevalent tactic, “Who says scammers don’t have a sense of humor?” Disguising a phishing scam or malware drop as anti-scam protection is an ironic twist on email threats. But for victims, it’s no laughing matter.
Raising the Danger Level
Phishing scams usually begin with some type of warning that causes users to act quickly. For example, a scammer might claim that someone is using your bank account fraudulently and you need to call a number or visit a website to stop the damage.
These scams can have serious repercussions. Not only can scammers obtain personal information like your account numbers, but they can also launch malware on your system that includes keyloggers, spyware, viruses and worms. From there, they can employ tactics incorporating ransomware or identity theft.
These “anti-scam” messages are being sent most frequently to business and college email addresses. The BBB believes scammers are hoping busy employees and students will be more likely to click without double-checking whether the sender is legitimate.
When handling phishing scams like these, a little caution can go a long way. Here are some tactics that can help you deal with a scam alert:
- Check with the supposed sender. If the message claims to come from your IT helpdesk, call the helpdesk directly and ask about the message. Very few, if any, IT departments update their security settings by having individual users do that work. Instead, security upgrades are performed at the server or network level.
- Don’t believe a logo. Some scammers have become experts at faking an email so it looks real. They might include branding information from your company, bank, school or other institution. None of these places will typically ask you to update your anti-scam software on a personal computer or device.
- Reduce your spam levels. If you’re in a business setting, ask IT for help in creating stronger filters that will stop spam messages from reaching your inbox. You can also lower the amount of spam you receive by using a secondary email account (e.g. Gmail, Yahoo! or Hotmail) when you sign up for online newsletters, download whitepapers, or take surveys and quizzes.
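The first two tactics can also be applied mechanically before a message ever reaches a busy inbox. The script below is an added example, not code from the BBB alert or this post: it parses a constructed “IT helpdesk” message and flags a sender outside the organisation’s own domain, a Reply-To that reroutes replies to a third domain, and a link whose visible URL differs from its real target. The organisation domain example.com and the sample message are assumptions.

```python
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

ORG_DOMAIN = "example.com"  # assumption: your organisation's real mail domain

# Constructed sample modelled on the message described above; not a real email.
SAMPLE = """\
From: IT Helpdesk <helpdesk@example-support.net>
Reply-To: tickets@mailbox-fix.info
To: user@example.com
Subject: Security Warning: update required
Content-Type: text/html; charset="utf-8"

<p>A phishing scam is circulating. Click to apply the update:</p>
<a href="http://login.mailbox-fix.info/update">https://helpdesk.example.com/update</a>
"""

# Simple anchor matcher: good enough for mail bodies, not a full HTML parser.
ANCHOR = re.compile(r'<a\b[^>]*\bhref="([^"]*)"[^>]*>(.*?)</a>', re.I | re.S)

def _domain(addr):
    return addr.rpartition("@")[2].lower()

def _host(url):
    return (urlparse(url.strip()).hostname or "").lower()

def triage(raw):
    """Return the names of the checks that failed; [] means nothing looked off."""
    msg = email.message_from_string(raw, policy=policy.default)
    name, addr = parseaddr(str(msg["From"]))
    flags = []
    # Tactic 1: a message claiming to be IT should come from our own domain.
    if "helpdesk" in name.lower() and _domain(addr) != ORG_DOMAIN:
        flags.append("sender-not-org-domain")
    # Replies silently rerouted to a third domain are a common tell.
    reply_to = parseaddr(str(msg.get("Reply-To", "")))[1]
    if reply_to and _domain(reply_to) != _domain(addr):
        flags.append("reply-to-mismatch")
    # Tactic 2: branding and visible URLs can be faked; compare to the real target.
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        for href, text in ANCHOR.findall(body.get_content()):
            if _host(text) and _host(text) != _host(href):
                flags.append("link-text-mismatch")
                break
    return flags
```

Each flag is a heuristic, not proof; a message that raises any of them is one to verify by phone rather than by clicking.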
In general, be very cautious about emails that contain links or attachments. Even if they seem to come from your company’s IT department, they may be part of a phishing scam. If you can’t verify someone’s identity, then the only thing you should be clicking is “delete.”
Image courtesy of Flickr user Wonderlane.