As you may know, Phishing is a cybercrime in which a target or targets are contacted by email, telephone or text message by a criminal posing as a legitimate institution for the purpose of gaining sensitive data from unsuspecting victims. We would like to take this time to highlight a new phishing attack stemming from the recent government shutdown and review best practices for protection against criminals’ attempts. Below is from an article written yesterday by Josh LeBerte, and found on a Birmingham, Alabama ABC affiliate news site.
With the U.S. government shutdown entering its ninth day, the Better Business Bureau warns phishing scams linked to government agencies are on the rise, with fraudsters offering unclaimed government relief funds or refunds through calls or emails.
These scams often direct consumers to websites like www.myreliefcheck.com, where they are asked to provide personal information that could lead to identity theft. Some sites also require a small registration fee, prompting consumers to disclose credit card or banking details.
The Better Business Bureau warns that scammers are now exploiting the government shutdown by offering funds or benefits that may be frozen, creating a false sense of urgency.
Carl Bates, president and CEO of the Better Business Bureau, emphasized the danger of sharing financial information without verifying with actual government agencies.
As this latest scam is one of thousands of types of ongoing scams, it is wise to remember these tips.
-
Make sure spam filters are in place for emails coming into your personal network and devices. Generally, the filters assess the origin of the message, the software used to send the message, and the appearance of the message to determine if it’s spam.
-
The browser settings on your personal devices should be set to help prevent fraudulent websites from opening. By doing this, browsers keep a list of fake websites and when you try to access the website, the address is blocked or an alert message is shown. For the ultimate protection, the settings of the browser should be set to only allow reliable websites to open up.
-
Many websites require users to enter login information while the user image is displayed. Requiring login credentials is certainly one way to protect the entry into your personal portals or websites containing your personal information. However, the frequent entry of the same login credentials can actually increase the chances your username and/or password may be picked up by criminals. One way to decrease that likelihood is to change passwords on a regular basis, and never use the same password for multiple accounts.
-
Monitoring systems help prevent phishing. Many personal web-protection services, such as Norton Life Lock, are available for your personal use as well.
-
If there is a link in an email, hover over the URL first to inspect it for oddities as mentioned in the Hyperlinks bullet above. Pro tip: Secure websites with a valid Secure Socket Layer (SSL) certificate begin with “https”. You should avoid unfamiliar, unsecure links and websites until investigated further for legitimacy.
Crooks have no boundaries when developing new scams. As we see from the example above, their prey are now the unsuspecting people impacted by the government shutdown. Remember, if you are ever in doubt of the legitimacy of an email asking for information, containing a link or looks suspicious in any way, please do not access the link or respond to the request. Instead, investigate the legitimacy of the organization by direct contact. If the legitimacy cannot be verified, delete the email from your system. And, as always…
Stay Alert, Stay Vigilant, Stay Safe!
