by Marilyn Gore
Have you ever gotten an email or a text message that ‘just didn’t seem right’?
At some time or another we’ve all been targets of scammers. This type of scam is called phishing. These scammers use email or text messages to trick you into giving them your personal information or something of monetary value. They may try to steal your passwords, account numbers, or Social Security numbers. If they get that information, they could gain access to your email, bank, or other accounts. Scammers launch thousands of phishing attacks like these every day — and they’re often successful. The FBI’s Internet Crime Complaint Center reported that people lost $57 million to phishing schemes in one year.
One very common phishing attempt that is making the rounds is an email that appears to be from a ‘trusted source’ that asks for a favor and discourages a normal means of reply (I can’t answer the phone, I’m in a meeting, just reply to this email). When you reply, the scammer asks you to secure something of monetary value, often cash cards or gift cards, and transfer it to them. They’ll ask you to reveal the redemption code and send back a picture. You want to help your friend, and there goes your money.
Here is a real-world example of what this looks like:
From: Rev. Dr. R. Leigh Spruill <firstname.lastname@example.org>
Sent: Monday, February 8, 2021 7:40 PM
Do you have a moment I have a request I need you to handle discreetly. I am currently busy in a prayer session, no calls so just reply my email.
The Rev. Dr. R. Leigh Spruill
This phisher found their target email addresses on a public website to ensure there was a relationship with their fake sender. They then found the head of the org chart – Rev. Spruill – to make sure the fake sender was in a position of authority. This is social engineering. The ‘sender’ was chosen specifically so the recipient would be motivated to reply quickly and automatically without doing their due diligence. Here are a few other cues:
Phishers will also send emails that look like they’re from your bank or other financial institution or from your email provider. They’ll steal graphics and fonts to make the email look legitimate. No business will ever ask you to click on a link to change your password. If you think the email in question might be legitimate, go directly to the business’ website or call them directly to confirm.
Here is a helpful graphic that shows some social engineering red flags that you should always be on the lookout for. Remember – it’s ALWAYS better to be safe than sorry!!