Be On Guard – Phishing Scams

A couple of ‘good’ phishing scams to watch out for:

I’ve been receiving email messages saying my tax return is ready for review, or that they have important information about my federal tax return, and all kinds of variations on these themes.

Don’t fall for this – communicate one-on-one with your accountant. If you haven’t worked on your tax return yet, I assure you there’s no one out there proactively getting it started for you. Be sure to only take professional advice from a trusted accountant or CPA. They use email encryption or specific software to send/share sensitive documents.

For your staff, family, and friends, remind them to stay away from these email solicitations. Don’t click the links, don’t ‘trust’ anything sent via email. You don’t know where the links go. These scams work because they seem reasonable, so be very cautious.

Next – most of us have anti-spam in place, and we should. We’re used to seeing the daily list of email messages that have been caught by the spam filter, then we can see if any should be released. Well, the hackers and social engineers know we’re familiar with these, so they’re ready with their own variation which is a scam.

The one I recently received said it was from MailDeliverySystem@syscon-inc.com, so it looked like it was coming from our network, but it wasn’t. The subject line was ‘Office365: Release Messages Ready for Disposal’ and it had my email address. Notice the message is designed to make me worry that I’m going to miss important messages because they will be ‘disposed of’ if I don’t check. There were 9 new messages to be checked. The sign-off said it was from ‘The Microsoft Team.’ All I had to do was click on the link to review the messages – NOT!

What to do if you get something like this? How do you know if it’s legit? Well, in this case, I don’t use Office 365, so I knew right away they were trying to trick me. Also, this wasn’t the right address for our anti-spam service reports; this isn’t where they come from. Since I monitor a shared mailbox, I got two of these in a short time and both had exactly 9 messages to review; definitely a red flag.

For new employees, and as a refresher to your current staff, have a short procedure that includes the email address for these anti-spam reports; review these each quarter. Also, make sure to read these messages with a critical eye, as if a salesperson were calling the office and you were screening the calls.
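The red flags described above can also be checked mechanically. The following is an added example, not part of the original post: it compares a digest-style message's sender to the documented report address, requires a DMARC pass stamped by your own gateway for mail claiming your domain, and flags services you do not use. `KNOWN_DIGEST_SENDER`, `TRUSTED_AUTHSERV_ID`, the word lists, the `Authentication-Results` headers and the second sample message are constructed placeholders; only the spoofed sender, subject line and message count come from the post.

```python
from email import message_from_string
from email.utils import parseaddr

# Placeholders (assumptions, not from the post): take real values from your procedure.
KNOWN_DIGEST_SENDER = "quarantine-report@antispam.example"
TRUSTED_AUTHSERV_ID = "mx.mailgateway.example"   # your own inbound gateway
OUR_DOMAIN = "syscon-inc.com"                    # domain named in the post
DIGEST_WORDS = ("release", "quarantine", "held", "spam")
SERVICES_NOT_USED = ("office365", "office 365")  # the author does not use it

def dmarc_pass(msg):
    """True only if our own gateway stamped dmarc=pass on the message."""
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, results = header.partition(";")
        if authserv.strip().lower() != TRUSTED_AUTHSERV_ID:
            continue  # stamped by someone else: a sender can forge this header
        if "dmarc=pass" in "".join(results.lower().split()):
            return True
    return False

def triage(raw):
    """Return the list of red flags for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    subject = msg.get("Subject", "").lower()
    flags = []
    if any(w in subject for w in DIGEST_WORDS) and sender != KNOWN_DIGEST_SENDER:
        flags.append("digest-style subject from an undocumented sender")
    if sender.endswith("@" + OUR_DOMAIN) and not dmarc_pass(msg):
        flags.append("claims our domain without a DMARC pass from our gateway")
    if any(s in subject for s in SERVICES_NOT_USED):
        flags.append("names a service we do not use")
    return flags

# Constructed samples: the first mirrors the message described in the post.
SAMPLE_FAKE = """\
From: MailDeliverySystem@syscon-inc.com
Subject: Office365: Release Messages Ready for Disposal
Authentication-Results: mx.mailgateway.example; spf=fail; dmarc=fail

You have 9 new messages to review.
"""
SAMPLE_REAL = """\
From: quarantine-report@antispam.example
Subject: Daily quarantine report
Authentication-Results: mx.mailgateway.example; spf=pass; dmarc=pass

3 messages held.
"""
```

Calling `triage(SAMPLE_FAKE)` returns all three flags, while `triage(SAMPLE_REAL)` returns an empty list.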

You should absolutely have anti-spam software, but you should also know where it originates and share all of this with your team. When it comes to email, naiveté is NOT a virtue; be careful. – CMW