Alerts & Scams
Identity theft occurs when someone uses your personally identifying information, like your name, Social Security number, credit or debit card number, without your permission, to commit fraud or other crimes. Identity theft can happen to anyone, but there are steps you can take to minimize your risk of becoming a victim.
Scam of the Week - The information provided below belongs to and is provided by KnowBe4 and is intended for informational purposes only.
May 17, 2019: That Free Avengers: Endgame Download You Found Online? It's a Scam!
If you’re looking to stream or download blockbuster movies when they’re still in theaters, you probably shouldn’t. Why not? Well, first and foremost, this is called piracy and it is illegal. Secondly, any “free downloads” you do find will likely be a scam.
Recently, a popular search engine result for Avengers: Endgame claims to offer either a download or a full viewing of the blockbuster hit. The movie even begins streaming automatically, but you’re prompted to make an account shortly after. Creating an account is free, but you soon find that you must “validate” your account using your credit card details.
Don’t be fooled! If it seems too good to be true, it probably is. Remember the following to stay safe when browsing online:
- Never download anything from an unfamiliar or questionable website. Especially if the download could be stolen, and therefore illegal, material.
- Never give information to a website you can’t trust. Even if you don’t enter credit card data, simply creating an account makes your email address more vulnerable to future scams–especially phishing attacks.
- Never reuse passwords. If you create an account on a dangerous site, scammers will try to use your email and password combination to break into your other accounts.
May 10, 2019: Watch Out for Insta-scams!
Some of the latest social media phishing scams are making their way through Instagram right now. These attacks trick you into giving up your account’s login credentials so the bad guys can take over your account and further spread their malicious tricks.
Here’s how it works: You’ll receive a message from an Instagram user. The message claims they’ve seen some of your photos ranked on a “Hot List”, or even a so-called “Nasty List”. The message leads you to a fake Instagram account to see your ranking. The scammers include a dangerous, shortened link in their Instagram account profile, and use an enticing message to get you to click. Once you’ve clicked this link, you’re directed to a fake, but identical-looking Instagram login page. Don’t log in! If you enter your information here, it will be instantly sent to the bad guys.
Remember these tips when using social media platforms:
- Never open or respond to social media messages from strangers. Even if the message appears to be from someone you know, be cautious, their account may have been hacked.
- Shortened links are often used on mobile phones and social media profiles. If you can’t see the full address of where a link is taking you, don’t click! Wait until you can view the link on a desktop, and avoid clicking suspicious links altogether.
- Using shocking content to entice you is one of the oldest tricks in the book of phishing scams. If you receive an email or message claiming that your photos were seen somewhere, this is likely a scam. Don’t respond, and delete the message immediately.
May 3, 2019: Spike in Malicious PDF File Scams, Again!
PDF files are commonly used in most organizations, regardless of what industry you work in. That’s why PDFs are often thought of as a “safe” file type. Do you hesitate to open them?
Over the past few months, there’s been an increase in the bad guys taking advantage of this trusted file type. They’re finding ways to hide malware in PDFs so they make it past the security filters your organization has in place. Most often, the malware is executed once you open the PDF and click on a misleading link in the file. A different PDF attack steals your login details when you open the file.
Always remember, never open an attachment unless you have asked for it. Even if the attachment appears to come from someone you know, pick up the phone to verify it’s legitimate.
April 26, 2019: Watch out for Fake Emails from HR
The bad guys know how easy it is to trick you with emails that spoof–or appear to come from–your Human Resources team. These attacks are everywhere right now. The emails are often centered around topics such as “new” or “changed” policies, employee benefits, employee handbooks, payroll, and W-2 information.
Whenever you receive an email from your HR team, you may feel compelled to open the email and address it right away. The sense of authority that comes with HR emails is how the bad guys trick you. They’re counting on you falling victim to this sense of authority so you end up clicking before you think.
If you receive a suspicious email appearing to come from your HR team, or an HR-related service, always remember the following:
- Do not click on any links or download any attachments before picking up the phone and speaking with someone who can confirm the request is valid.
- Log in to the HR-related service account through your browser (not through links in the email) to check the validity of the information in the email.
April 19, 2019: Watch out for Robocall Scams Saying your Social Security Number is Suspended
Be on the lookout for a popular robocall scam that is tricking people into believing their Social Security number (SSN) has been suspended. The robocall tells you to call the number provided to speak with a government agent about the issue. Some of the robocalls even threaten to issue an arrest warrant if the victim doesn’t respond.
When you call the number back, you are actually speaking with a fake government agent. This scammer will try to trick you into giving up sensitive personal information like your SSN, birth date, and bank account number.
Always remember the following to stay safe from tricks like this:
- Your Social Security number can never be suspended.
- The Social Security Administration will never threaten to arrest anyone.
- Do not share any type of personal information with anyone you don’t know over the phone.
- If you get this type of call, hang up the phone immediately and report the call to the appropriate agency.