Sophisticated Seasonal Spam and Phishing Scams

Doug Smullens, IT Systems Manager here at the Penn libraries, sent this message around to library staff recently, and it had some good information and good examples in it, so I wanted to share it with our blog readers as well:

This is the time of year a lot of criminals pull out their most
sophisticated scams to try and trick you into revealing personal data or
financial data they can use to rob you.  It’s important to be especially
vigilant about email messages you receive and websites you visit.  In the
past two days I’ve received completely legitimate looking emails purporting
to be from Paypal, Facebook and Amazon that were all scams.
All three tried to use fear to get me to follow links embedded in the
messages.  In the case of Paypal and Amazon they suggested large
transactions had taken place on my account and these were just the email
receipts.  They didn’t ask me to do anything, but there were helpful links I
could follow to review my account.  In the case of Facebook, it was
suggested my “profile” had been deleted.  I could re-activate at any time by
logging back in to the service (through a handy link).

Here are some guidelines to follow:

• Don’t follow links in emails from any external retailer or service vendor.
If you receive a message about a product or service that might be
legitimate, open a web browser and go directly to that company’s website.
If you have an account, you can log on and take appropriate action as
needed.  If you don’t have an account, contact customer service through
means they identify on the website.

• Look for URLs that “Look Right” – The email might include a convenient link
to a seemingly legitimate website where you can enter the information the
fraudster wants to steal. But in reality the website will be a cobbled
copy-cat – a “spoofed” website that looks for all the world like the real
thing. In some cases, the link might lead to select pages of a legitimate
website – such as the real company’s actual privacy policy or legal
disclaimer.  Many times you can detect a fraud because the link doesn’t go
to the company’s actual website.

• Don’t try to “win” anything.  Phishing is done with more than emails.
Contests are big: “Win a free iPad!” or “Get a $500 Target Gift Card!” The
come-ons are all over the web. All you have to do supposedly to get this
awesome swag is click on a link that is likely to take you to a toxic site.
Increasingly, these toxic sites embed a virus into your computer that allows
the crook to capture your every keystroke.

• Don’t panic. The other brilliant scam that can pull you into the vortex of
a toxic site is the pop-up warning: “Your computer has been compromised!
Click here to download a security fix!” When you click, you open the gates
of your computer to all sorts of nasty viruses.  Try closing the browser
window(s) by clicking the “x” in the upper corner of the window(s).  If that
doesn’t work, push and hold the power button on your computer to force it to
shut down.

Happy Holidays.

Some information included in this post was copied from the following sites:
http://www.cbsnews.com/8301-505144_162-57388953/5-ways-to-protect-yourself-from-phishing-attacks/
http://www.sec.gov/investor/pubs/phishing.htm
