Holiday Scams Part 1–Shipment Scams
The holidays were fast approaching. The church secretary opened her email at the beginning of her day and noticed an email from a shipping company from which she was expecting a package. She asked the pastor if he thought she should open it, and he agreed it was safe. Wrong move. Instead of a shipping notification, the email deployed malware that contained ransomeware. Unfortunately, this was not an isolated incident. In the first 6 months of 2021, there was $590 million of “ransomeware-related activity” according to the U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN). (https://www.techtarget.com/searchsecurity/feature/Ransomware-trends-statistics-and-facts). That doesn’t count the amount that went unreported, as only businesses considered critical to the nation’s infrastructure are required to do so. And of course it doesn’t count losses experienced by the rest of the world, as the US is not the only country so victimized.
So what should the hapless church employees have done instead?
1) Look closely at the email address. I recently got a spam purportedly from UPS. It’s ridiculously easy to forge a from: header, so the first thing I always do is look at the email address. It was from:
ciaowp@rfikjgfoprhro.co.com
Uh, yeah–that doesn’t look anything remotely like UPS to me. The terrible grammar just confirmed that:
“Hello Dear,
You are Customer #688342 of USPS Rewards and we have been waiting for your confirmation. Since this delivery is for FNAME
To activate the delivery, please confirm here
Best regards,
USPS Rewards”
If all these emails were that unsophisticated, phishing likely wouldn’t be the problem that it is today, but unfortunately, there are those out there that can appear very very convincing.
2) Don’t click a link in an email. Go to the website of the company–UPS, for example–and enter your tracking number there.
It also goes without saying–except, evidently, it doesn’t–that if you’re checking your personal email on the job, the prohibition against clicking a link holds double, as you could be causing damage to your employer’s systems and network. It’s best to just check it from your phone.
Holiday scams take advantage of the fact that people are rushed and aren’t paying as close attention as they probably should be. Don’t fall victim.
Be smart, be wise
Always verifies.
&
Stop and think
Before you click that link.
And then say “screw it!”
Just don’t do it!
Comments
Holiday Scams Part 1–Shipment Scams — No Comments
HTML tags allowed in your comment: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>