Don't be Fooled by Phishing

by Marilyn Gore

Have you ever gotten an email or a text message that ‘just didn’t seem right’?

  • Maybe it said it was from someone you know, but the return email wasn’t the one you recognized?
  • Maybe the text of the email just didn’t sound like your trusted friend or coworker?
  • Maybe it asked you for a strange favor?
  • Maybe it said they were stranded in a foreign country and needed help?
  • Maybe it told you to just reply to the email – don’t try calling them?
  • Maybe it was from your bank or email provider telling you to just click that link to change your password?

At some time or another, we’ve all been targets of scammers. This type of scam is called phishing. These scammers use email or text messages to trick you into giving them your personal information or something of monetary value. They may try to steal your passwords, account numbers, or Social Security numbers. If they get that information, they could gain access to your email, bank, or other accounts. Scammers launch thousands of phishing attacks like these every day, and they’re often successful. The FBI’s Internet Crime Complaint Center reported that people lost $57 million to phishing schemes in one year.

One very common phishing attempt that is making the rounds is an email that appears to be from a ‘trusted source’ that asks for a favor and discourages a normal means of reply (I can’t answer the phone, I’m in a meeting, just reply to this email). When you reply, the scammer asks to secure something of monetary value, often cash cards or gift cards, and transfer it to them. They’ll ask you to reveal the redemption code and send back a picture. You want to help your friend, and there goes your money.

Here is a real-world example of what this looks like:

From: Rev. Dr. R. Leigh Spruill <churchonlineoffice21@gmail.com>
Sent: Monday, February 8, 2021 7:40 PM
To: xxxxxxxxxxxxxxxxxx
Subject:

Do you have a moment I have a request I need you to handle discreetly. I am currently busy in a prayer session, no calls so just reply my email.

Sent from
The Rev. Dr. R. Leigh Spruill
Rector

This phisher found their target email addresses on a public website to ensure there was a relationship with their fake sender. They then found the head of the org chart – Rev. Spruill – to make sure the fake sender was in a position of authority. This is social engineering. The ‘sender’ was chosen specifically so the recipient would be motivated to reply quickly and automatically without doing their due diligence. Here are a few other cues:

  • There is no subject.
  • The return address is obviously fake – Rev. Spruill would be emailing from his sjd.org email address.
  • There is a run-on sentence and a grammatical error in the body of the email. Phishers can be very sloppy, so watch for misspelled words and similar mistakes.
  • You are directed to reply directly rather than contacting the sender by any other trusted means.
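
The cues above can also be checked automatically. The following is an added example, not part of the original article: a small Python triage function that looks for them in a raw message. The recipient address, the control message, the flag names and the phrase lists are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "sjd.org"               # from the article: the rector's real mail domain
AUTHORITY_NAMES = ["leigh spruill"]  # assumption: names an impersonator would borrow
REPLY_ONLY = re.compile(r"\b(no calls|just reply|can'?t (talk|answer))\b", re.I)
SECRECY = re.compile(r"\b(discreet(ly)?|confidential(ly)?)\b", re.I)

def red_flags(raw):
    """Return the article's cues that are present in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    # Drop punctuation from titles so "Rev. Dr. R. Leigh Spruill" still matches.
    plain_name = re.sub(r"[^a-z ]", "", name.lower())
    body = msg.get_payload()
    flags = []
    if not (msg.get("Subject") or "").strip():
        flags.append("empty-subject")
    if domain != ORG_DOMAIN and any(n in plain_name for n in AUTHORITY_NAMES):
        flags.append("authority-name-outside-org-domain")
    if REPLY_ONLY.search(body):
        flags.append("reply-only-pressure")
    if SECRECY.search(body):
        flags.append("secrecy-request")
    return flags

# The article's message rebuilt as raw text; the recipient is a constructed placeholder.
PHISH = """From: Rev. Dr. R. Leigh Spruill <churchonlineoffice21@gmail.com>
To: recipient@example.org
Subject:

Do you have a moment I have a request I need you to handle discreetly. I am currently busy in a prayer session, no calls so just reply my email.
"""

# Constructed control message: same display name, sent from the organization's domain.
CONTROL = """From: Rev. Dr. R. Leigh Spruill <placeholder@sjd.org>
To: recipient@example.org
Subject: Sunday schedule

The schedule for Sunday is attached. Call the office with any questions.
"""

if __name__ == "__main__":
    print(red_flags(PHISH))
    print(red_flags(CONTROL))
```

A hit is a reason to confirm the request through a phone number you already trust, not proof on its own; the From header is easy to forge, so a clean result does not prove a message is genuine.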

Phishers will also send emails that look like they’re from your bank or other financial institution or from your email provider. They’ll steal graphics and fonts to make the email look legitimate. No business will ever ask you to click on a link to change your password. If you think the email in question might be legitimate, go directly to the business’ website or call them directly to confirm.

Here is a helpful graphic that shows some social engineering red flags that you should always be on the lookout for. Remember – it’s ALWAYS better to be safe than sorry!!

[Image: Anti Phishing]