We talk to you fairly often about phishing scams. That’s because, unfortunately, scammers use our name in emails to try and trick you into revealing personal information. These cybercriminals are hoping to gather the details they need to reach your account and payment information.

Today, the Federal Trade Commission (FTC) revealed the commissioner’s name is also being used in a phishing campaign:

“Scammers are impersonating FTC Chair Lina Khan in a new phishing scheme. The email says the FTC wants to send you Coronavirus relief funds and tells you to send some personal information, like your name, address, and date of birth. The FTC is not distributing Coronavirus economic stimulus or relief money to people. The email is a scam. Don’t reply.”

The FTC goes on to say:

“If you get an unexpected email that asks you to reply – or call or click a link – to give somebody personal or financial information, don’t. It’s probably a phishing scam trying to steal your money.”

That’s great advice! Always be skeptical of unexpected emails that demand action, or try to entice you into sharing information.

If you’ve ever wondered how scammers even get your email address in the first place, here are some of the ways they do it (according to Microsoft, The Balance Everyday, and others):

  1. They use web crawlers that look for the @ symbol. Scammers have developed sophisticated automated tools that search the internet and gather email addresses. These can be found in insecure files, blog comments, winner lists, or even on social media profiles.
  2. They guess. Scammers gather lists of common names and words, combine them with popular email services and internet service providers, and simply try the resulting addresses to see which ones work. Again, scammers are using tools to do this by the thousands.
  3. They buy lists. Read the privacy policy on any website before handing over your email—the company may be able to legally sell your information, including your email address. On the dark web, there are also illegal lists available to purchase.
  4. Hacking. Cybercriminals are not above hacking into databases to get email addresses. They can use them, or they can sell what they find—or both.
  5. Fake websites. Fake sweepstakes are a classic method for getting people to readily give away their information. Always double check that it’s legitimate by checking out the company tied to the offer, and looking out for misspellings, bad grammar, and vague details.

One thing is for sure: phishing isn’t going away any time soon—not as long as people continue to fall for these scams. In the meantime, stay on your toes, and be sure to refresh your memory about how to spot a phishing scam (with real-life examples of attempts our customers have received!).

If you receive a phishing email, the Federal Trade Commission says you can report it at ReportFraud.ftc.gov and forward it to the Anti-Phishing Working Group at reportphishing@apwg.org. (If scammers contact you by text message or phone, report that, too.)

 
