Email phishing scams escalate, BBB reports
Online Staff Report
Between now and Christmas Eve, consumers will make millions of online transactions. This traffic has cyber-criminals prepped and ready to pounce.
For each legitimate confirmation email that will be sent by online retailers, there will be just as many that are fraudulent. The Better Business Bureau (BBB) is issuing an alert to consumers warning of “phishing” scam emails that may hit their in-boxes.
“The scammers target individuals posing as major online sellers like Amazon, eBay and airlines,” said Dennis Horton, director of the Rockford Regional Office of the BBB. “Because consumers are anxious to receive confirmation of their purchases, they more easily fall into the trap of opening phishing and other malicious emails.”
The criminals are out to get personal and financial information to use for identity theft and other illegal activities. As an example, the Amazon phishing emails have a subject of “Your order on Amazon.com” and return address of “amazon.com” and use actual Amazon graphics, making them appear real. The email also has an attachment that, when opened, installs a Trojan virus that creates a process that will harvest banking information, email logins and social media accounts.
Horton also suggests employers warn their employees not to open attachments from major retail sites.
“Trying to stay ahead of their Christmas shopping, employees try to get some purchases done during the work day,” Horton said. “However, doing so can put your company at risk for a security breach. Because it’s difficult to monitor this kind of activity, it’s important to make sure your company’s computers have reliable email filters that will prevent spam, protect in-boxes and check for suspicious content.”
Following are some tips to avoid becoming a victim of a cyber-crime:
• If you are expecting a confirmation receipt, log into your account and check for confirmation there.
• Be cautious of emails that contain attached files.
• Don’t respond to unsolicited emails.
• Don’t click on links in unsolicited emails.
• Avoid filling out forms contained in email messages asking for personal information.
• Make sure that all links in an email match.
• If you are requested to act quickly or are told that there is an emergency, it may be a scam.
• Install anti-virus software and keep it up to date.
• Install a personal firewall and keep it up to date.
If you might have been tricked by a phishing email, do the following:
• File a report with the Federal Trade Commission at www.ftc.gov/complaint.
• Visit the FTC’s Identity Theft website. Victims of phishing could become victims of identity theft; there are steps you can take to minimize your risk.
• Forward phishing emails to firstname.lastname@example.org — and to the company, bank or organization impersonated in the email.
For more about scams, visit www.bbb.org.
Posted Dec. 17, 2014