Last article, we covered old timey scam emails attempting to directly get money from you (either via banking system or gift cards).
But newer scam emails tend to fall into 2 categories:
- Trick you into opening a link/attachment to compromise your computer
- Trick you into going to a site that looks real where you can enter your credentials/personal information, but it’s actually a scammer site used to harvest information.
The first one is an attempt to get you to basically run a malicious program on your computer that can ruin your day in several ways: by infecting your machine (and other machines on the network), or by giving the scammers access to your machine-or at least some of the data on it.
Regardless of the ultimate payload, this is not good news. Common messages include “Your invoice is past due, click here to pay now or we will send you to collections” or “UPS was unable to deliver your package, please open the attached file to schedule redelivery”.
The second type will take you to a site that looks like a legitimate site you might use-say Amazon, Office365, Gmail, etc.-but in reality it’s a scam site, and when you type in your information, you are just handing it over to the scammers!
Common messages for this include “Your account has been locked due to suspicious activity, click here to change your password” or “Your account has been cancelled, please click here to update your credit card information and restore your account”. Once they have your account credentials, they can change your password and lock you out!
And to make things even more complicated, scammers are now blending attacks to include a mix of phone calls, emails and text messages. They use mixed modes to try to make themselves seem more legitimate, or to try to confuse you. The bottom line is: You need to pay attention. Don’t be afraid to push back (or just hang up the phone or ignore emails/texts). If an interaction with someone is causing a strong emotional response like fear (I’m going to send the cops to arrest you!) or excitement (“Hi, this is the IRS. We owe you $10,000 dollars but need your social security number to verify your identity”), chances are it is a scam.
Next month, we’ll go deeper into detecting scams, and ways to respond!