Alerts & Scams
Identity theft occurs when someone uses your personally identifying information, like your name, Social Security number, credit or debit card number, without your permission, to commit fraud or other crimes. Identity theft can happen to anyone, but there are steps you can take to minimize your risk of becoming a victim.
Scam of the Week - The information provided below belongs to and is provided by KnowBe4 and is intended for informational purposes only.
September 13, 2019: Phishing for Instagram Passwords
If you’re one of Instagram’s one billion account holders, then stay on high alert for the latest phishing scam targeted towards the social media platform’s users.
The bad guys start the attack by sending an email claiming that someone has attempted to log in to your account. The email is convincing with its simple message and familiar design–complete with an Instagram logo and icon. The email message includes a “sign in” link and a “secure code” to confirm your identity.
When you click the sign in link, you’re brought to a completely fake, but extremely realistic-looking Instagram login page. The web address of the login page is the only noticeable red flag. The web address does not include “instagram.com”, and the URL ends with “.CF” instead.
Remember the following to avoid scams like this:
- Whenever you’re providing login credentials, be certain you’re on the real login page.
- Pay attention to the web address and be sure the proper domain is included in the URL.
- When you get an email from an online service that you use, always log in to your account through your browser to check the validity of the message–not through links in the email.
September 6, 2019: Watch Out for Phishing in your Google Calendar
Beware! If you use Gmail for your business or personal email, you could be at risk. One of the latest cyber scams going around takes advantage of the popular Google Calendar service
by adding fake events to unsuspecting victims’ calendars.
When they create the calendar event, they add a short event description complete with a dangerous phishing link. Typically, the event claims that “You’ve won prize money”, or that “There’s a money transfer in your name”. The description tells you to click the link and follow the directions to claim your money.
Once invited, you’re exposed to the dangerous event description in multiple ways: You’ll receive a notification in your inbox and the event will automatically show up on your calendar.
Don’t fall for it! If you click the link in the event description, you’re brought to a dangerous webpage and instructed to enter your personal information so the bad guys can steal it.
Remember the following to avoid falling for scams like this:
- Never click on links in emails or in calendar notifications that you weren’t expecting. Even if it appears to be from someone you know, it's best to pick up the phone and call them to be sure it's legitimate.
- Always hover over links to see where they’re taking you before clicking. The link may take you to a different address from the URL that is shown.
- By default, Google Calendar events are automatically added to your calendar, even if you haven’t responded. You can turn this setting off by opening your Google Calendar settings from a desktop browser.
August 30, 2019: Confirm Your Unsubscribe Request? Not So Fast.
If you’re subscribed to a large number of digital mailing lists, your inbox can quickly become unmanageable and the word “unsubscribe” becomes your new best friend. But not so fast!
Recently, there’s been an uptick in a phishing scam where the bad guys send emails appearing to be a confirmation of your request to unsubscribe from a mailing list. The subject lines of these emails are usually similar to: “Confirm your unsubscribe request,” or “Client #980920318 To_STOP_Receiving These Emails From Us Hit reply And Let Us Know”.
Should you fall for this trick and click the “unsubscribe” email link, it will trigger a "new email" window to appear in your mail client. This new email will be addressed to 15-20 recipients and will contain "Unsubscribe" in the subject line. Don't click "Send" on that email!
The 15-20 recipients of this email are actually accounts set up for spamming purposes. If you send this email, the spammers will know your email address is a “live one” and they’ll add it to their list. Such lists can be used in other, more lucrative scams.
Follow these tips to avoid scams like this one:
- The bad guys expect you to click and respond without thinking. STAY ALERT! Don’t be a victim.
- NEVER click on links in emails that you weren’t expecting, or that are generally vague and lacking information.
- Never reply to people you don't know, or weren't expecting an email from. Even if it appears to be from someone you know, it's best to pick up the phone and call them to be sure.
August 23, 2019: Watch Out for Rebate Scams
Internet criminals are posing as trustworthy sources so they can trick you into thinking you have earned a reimbursement or rebate. If you fall for it, the bad guys will end up with your banking information or credit card number. They will pretend to be from the government, a bank, or another trusted organization, and they’ll ask you to make a small, initial “administration fee” in order to claim the amount that is supposedly owed to you. If you provide your banking or credit card information, not only will you not receive the rebate, you’ll also lose a lot more money than the initial "administration fee".
To protect yourself, reach out to the organization directly and verify that they are giving out rebates. But remember to never use the contact information found in the message that was sent to you. Look up the organization’s contact information yourself to be sure it is legitimate.
August 16, 2019: Watch Out for Jeffrey Epstein Scams
Internet criminals never shy away from an opportunity to exploit the death of celebrities or well-known individuals. They use the “shock factor” to create fake controversy and trick people into falling for their dangerous click bait. You’ve likely heard about the apparent suicide of Jeffrey Epstein, who was recently found dead in his jail cell. Be on high alert for any communications related to Epstein’s death: emails and attachments, social media platforms (messages, posts, etc.), texts on your phone, or anything else. There will be a number of scams related to this. July 26, 2019: Watch Out for "US State Police" Phishing Extortion Scam.
Be on the lookout for a new sophisticated phishing extortion scam. In this scam, the bad guys claim to be from your local state police and say they have some incriminating information about you. Since they are retiring, they generously offer to delete the evidence in exchange for 2000 bitcoin. It even includes a phone number which you can call if you have any questions.
Don't let the bad guys scare you into action! If this email makes it through your inbox, do not click the link, do not reply or call the number in the email, and do not send them any money. Be sure to follow your organization's procedures for reporting these types of criminal emails.