Email inboxes have become minefields filled with scam grenades, waiting for you to open and pull the pin. Phishing emails often look like they come from a company you know and trust by fraudulently and realistically using its name and logo. The message may claim a problem with your account, offer a free gift or prize, include a fake invoice or warn of unusual activity on your account. But it will also contain links to malware designed to infect your computer, steal passwords and open you to identity theft.
Recently, Better Business Bureau discovered several local businesses who experienced an email hack, and that hack led to mass phishing emails sent to their client lists. Which means you could be on the receiving end of those phishing emails. They could look like they are coming from your local plumber, dentist or spa.
When it comes to a data breach, all businesses are susceptible; all types of businesses, construction to technology and all sizes, big and small. Hackers know that every business has its weak spots. They search for those open doors and raid them. Once they have the credentials to gain access, they go to work. Hackers will take the time to copy contact lists, mimic past email messages and copy company signature lines. By impersonating a local company that you’ve worked with previously, con artists hope you will fall for their tricks.
The emails are usually pretty general, but tricky. A scammer who hacked a local HVAC company sent out emails to a wide range of the company’s past clients with the subject line: “Heating and Cooling Proposal [Secure]”. The message was short and to the point reading, “Good morning, attached is the revised proposal for your review. Kindly review and let me know if you have any questions.” Followed by a link and the exact signature of the general manager, including company logo and mission statement.
While we might be on guard for phishing emails from Netflix or Amazon impersonators, a local company may throw you off and hook you in. This is a good reminder to always be wary of any unsolicited or unexpected communications asking for personal information or telling you to download an attachment.
BBB offers these safeguards:
Do not click on any links or attachments.
Read the message carefully for signs that it may be phishing email (for example, misspellings, grammar, generic greetings such as “Dear member” instead of a name, etc.).
Be wary of any urgent instructions to take a specified action. One common example is, “Click on the link or your account will be closed.”
Hover your mouse over links without clicking. The URL in the text should match the URL that your mouse detects. If the two do not match, it is most likely a scam.
Delete any suspicious email from your computer completely (be sure to empty your “trash can” or “recycling bin,” as well).
Always run anti-virus software and install software updates frequently. If you clicked a link in the phishing email, be sure to do a full system scan.
Report the phishing email to BBB’s Scam Tracker and the Federal Trade Commission. Contact the company via phone to let them know you’ve received a suspicious email from them.
Jeremy Johnson is the Eastern Idaho marketplace manager for the Better Business Bureau Northwest + Pacific.
The business news you need
With a weekly newsletter looking back at local history.