Most people know that phishing is the practice of con artists sending legitimate-looking emails that attempt to induce individuals to reveal personal information, such as passwords and credit card numbers.
The latest major email phishing scam was reported on Monday. This time, it was about Netflix. An email with the subject line “Your suspension notification” was sent to as many as 110 million Netflix subscribers telling them their account is about to be canceled.
The email is well designed, looks legitimate and is even individually personalized for the customer. It demands immediate updating of the customer’s account information to avoid being cut off. When the customer clicks on the link provided, they are routed to a fake, but very real-looking, Netflix page. They are asked for updated login information and credit card numbers.
But wait. You know better. You know to independently verify any email asking for personal information. Sophisticated, tech-savvy people don’t fall for those kinds of tricks, right? WRONG.
Between April 1 and June 30, 2017, KnowBe4, a provider of security awareness training, sent approximately 6.6 million bogus email messages to more than 2 million individuals. The top 10 most successful messages fooled 22,060 people. These people not only opened the messages; they clicked the link inside. Below are the subject lines that drew in the most “victims”:
- Security Alert – 21%
- Revised vacation and sick time policy – 14%
- UPS Label Delivery (long ID number) – 10%
- Breaking: United Airlines passenger dies from brain hemorrhage – 10%
- A delivery attempt was made – 9%
- All employees: Update your healthcare info. – 9%
- Change of password required immediately – 8%
- Password check required immediately – 7%
- Unusual sign-in activity – 6%
- Urgent action required – 6%
The contents of an email about a United Airlines passenger may not lead you to give up personal information, but an email asking you to change your password possibly could. KnowBe4 reports that 16 percent of people who open a phishing email actually click on the links within it. Even if a link doesn’t ask for personal information, once opened, it can install malware or introduce a virus on the computer being used.
Other popular email scams often contain the following:
- Alarmist messages and threats of account closure – like the Netflix email
- Promises of money for little or no effort
- Deals that sound too good to be true
- Requests to contribute to a charitable organization after a disaster that’s been in the news
One telltale sign of a phishing email is that it often contains bad grammar and misspellings, sometimes because it originates from a foreign country.
So, with all this going on, how do I protect myself? The first line of defense is to have a healthy suspicion of any email from an unknown sender or one from a legitimate-looking source that invites you to click on a link. Never open an email from an unknown sender and never click on a link in any email that you are not 100 percent confident in.
OK, you say; I heeded all the advice, but I think I may have accidentally fallen for a scam. What do I do now? You should immediately take the following steps to minimize damage and protect your identity:
- Change the passwords or PINs on any online account you think may have been compromised.
- Place a fraud alert on your credit reports. Your bank can tell you how.
- Contact the bank or online merchant directly. Do not follow the links in a potentially fraudulent email.
- If you know of any accounts that were accessed or opened fraudulently, close them immediately.
- Review your bank and credit card statements monthly for unexplained charges or inquiries you didn’t initiate.
Email scams won’t stop and will probably get even more sophisticated over time. But a little bit of paranoia, a healthy suspicion, and knowing what to look for and avoid will go a long way in keeping you safer online.