Mike Parker: Beware fake email ‘bills’ and other contacts
Last week, I wrote about scammers using the telephone to intimidate and extort money and information from the unsuspecting. These thieves pretend to be federal government officials who are suspending social security numbers for suspicious activities and often demanding huge payments be made to avoid arrest and prosecution.
This week I want to talk about a form of thievery than involves the Internet. I received an email that informed me that my PayPal account was going to be charged nearly $700 to pay for software I ordered. Of course, I did not order any software from that company. I doubt I have ordered $700 in software in my whole life.
The email included a phone number, purportedly from PayPal, so I could dispute the charge. Instead of calling the number provided in the email, I looked up the PayPal phone number on line and called the real PayPal. Needless to say, the number in the email did not match either the customer service or billing inquiry numbers on PayPal.
After negotiating the “phone tree,” I was put through to an employee. I told him what I had received, asked him to check if a charge was in the works, and then asked if the number in the email was legitimate. No charge was pending, he said, and the number in the email was in no way connected to PayPal.
What I experienced was a “phishing” scheme. According to the Federal Trade Commission, scammers use emails and text messages to deceive their marks into revealing personal information. The FTC says scammers “may try to steal your passwords, account numbers, or Social Security numbers. If they get that information, they could gain access to your email, bank, or other accounts.”
Scammers launch multiplied thousands of phishing attacks like these every day. In 2019 the Internet Crime Complaint Center (IC3) received 467,361 complaints – an average of nearly 1,300 per day – one per minute. In one year, scammers fooled their victims to the tune of $57 billion.
“Criminals are getting so sophisticated. It is getting harder and harder for victims to spot the red flags and tell real from fake,” according to Donna Gregory, chief of the IC3.
Phishing emails and text messages often tell a story to trick you into clicking on a link or opening an attachment, the FTC website warns. The messages may say they have noticed some suspicious activity or log-in attempts or claim a problem exists with your account or your payment information. A common tactic is asserting you must confirm some personal information. Some, like the email I received, include a fake invoice.
Other tactics include asking you to click on a link to make a payment, enticing you by saying you are eligible to register for a government refund, or offering a coupon for free stuff. What the scammers really want is your personal information.
When I received my “PayPal” notification, I checked with the real PayPal first to find out about the legitimacy of the email. After I learned the email was a fraud, I got curious. I had never heard of the company mentioned in the email. I did a web search and found the company that named in the phishing attempt was a legitimate tech company operating in California. In a way, the company was a victim, too. Its name was being used to deceive and defraud people.
What should you do if you suspect a phishing attack? If you get an email or a text message that asks you to click on a link or open an attachment, answer this question: Do I have an account with the company or know the person that contacted me?
If your answer is “No,” you are probably dealing with a phishing scam. If your answer is “Yes,” then contact the company using a phone number or website you know is real. Do not use the information in the email. Never open attachments. The links can install harmful malware on your computer.
What should you do if you have responded to a phishing email? If you think a scammer has your information, such as your Social Security, credit card, or bank account numbers, go to IdentityTheft.gov. This website provides specific steps to take based on the information that you lost.
If you think you clicked on a link or opened an attachment that downloaded harmful software, immediately update your computer’s security software. Then, run a scan.
Finally, if you receive a phishing email or text message, report it. The information you give can help fight the scammers. Reporting is a two-step process. First, if you receive a phishing email, forward it to the Anti-Phishing Working Group at reportphishing@apwg.org. If you got a phishing text message, forward it to SPAM (7726). Second, report the phishing attack to the Federal Trade Commission at ftc.gov/complaint.
Be alert. The scammers are after your information – and everything you own.
Mike Parker is a columnist for Neuse News. You can reach him at mparker16@gmail.com.