Don't Get Scammed: Part II
By: Steven Topham
As reliable as the rising of the sun, the targeting of good and trusting people by scammers goes on and on and on. As a few new ones have popped up recently, I thought it was time for another primer on protecting yourself. This one will be a bit simpler with examples of what to look for. If you missed the first one with all the juicy basics, you can find it here.
First off, a rehash of the super basics: If you are uncertain of an email, just delete it. If you didn't request a link or a file from someone, don't click or open it.
Scammers must think church members are easy targets, because a round of scam emails has gone out to our congregation in the last week. Previous scams have targeted our staff members. This time, they went through our website and found email addresses for our group leaders. Below you'll see the header of the email. It claims to be from Pastor Greg, but is not from his work email address. The scammer went to the trouble of creating an all-new Gmail address with his name within the address in the hopes of tricking people who know him. The initial phishing email is brief and just hopes to initiate contact.
If you reply, they'll ask for a gift card or some other type of 'currency' that can be digitally transmitted to them. Besides asking you to volunteer or join committees more often than you may like, no one on the Foothills staff will randomly ask you to run errands for them. The scammers get pretty insistent once contact is made. They send emails frequently, checking in and expressing the urgency of their request.
For these types of scams, you just have to be aware and vigilant. To reiterate what I said in my last article, online access is a bit of a privilege in which you open yourself up to the entire world. That type of access requires you to be savvy.
I was targeted by another type of scam at my business email.
As I mentioned in the first scam article, it is easy for a hacker to impersonate an email address. The above scammer didn't, but this next one did. All they had to do was send their email through a special software program. So, I get an email from myself, which would seem to mean that a hacker has gained access to my account. In the body of the email, they make a lot of generic and bold claims about my internet usage and they say they have access to my webcam and have taken pictures of me. No proof is included, just a lot of threats and a demand for payment in bitcoin. The header of an email has all the information you need. In Gmail, you have to click a little arrow to get those full details. As you can see in the screenshot, the email appears to come from my account, but is actually routed "via" a software program. The scammers are persistent and send multiple threats a day, each one routed through a different program. You can also see on the far left that Gmail added a gray box with an exclamation mark to try to alert me. Those flags are not always there.
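For readers who handle mail for a group, here is the same header check done in code for both the lookalike "Pastor Greg" address and the email that appeared to come from me. This is an added example, not part of the original article. The addresses, the `KNOWN_SENDERS` list and the sample messages are constructed, and comparing the From domain with the Return-Path domain is an assumed stand-in for the mismatch behind a "via" label.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed allow-list (constructed): display name -> the real work address.
KNOWN_SENDERS = {"pastor greg": "greg@church.example"}

def _domain(addr):
    return addr.rpartition("@")[2].lower()

def _same_org(a, b):
    # Treat mail.church.example and church.example as the same sender.
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def check_headers(raw):
    """Return a list of warning labels for one raw message (hints, not proof)."""
    msg = message_from_string(raw)
    name, from_addr = parseaddr(msg.get("From", ""))
    _, bounce_addr = parseaddr(msg.get("Return-Path", ""))
    _, to_addr = parseaddr(msg.get("To", ""))
    from_addr, to_addr = from_addr.lower(), to_addr.lower()
    warnings = []

    # Scam 1: a familiar name sitting on an address that is not the known one.
    expected = KNOWN_SENDERS.get(name.strip().lower())
    if expected and from_addr != expected:
        warnings.append("known-name-wrong-address")

    # Scam 2: the From domain differs from the domain that actually sent it.
    routed = bool(bounce_addr) and not _same_org(_domain(from_addr), _domain(bounce_addr))
    if routed:
        warnings.append("sent-via-other-domain")
        if from_addr and from_addr == to_addr:
            warnings.append("claims-to-be-from-you")
    return warnings

# Constructed sample messages (headers plus a one-line body).
LOOKALIKE = ("From: Pastor Greg <pastor.greg.0000@gmail.com>\n"
             "Return-Path: <pastor.greg.0000@gmail.com>\n"
             "To: leader@church.example\n\nAre you available?\n")
SELF_SPOOF = ("From: me@business.example\n"
              "Return-Path: <bounce@bulk-mailer.example>\n"
              "To: me@business.example\n\nPay in bitcoin.\n")
GENUINE = ("From: Pastor Greg <greg@church.example>\n"
           "Return-Path: <bounces@mail.church.example>\n"
           "To: leader@church.example\n\nSee you Sunday.\n")

if __name__ == "__main__":
    for label, raw in [("lookalike", LOOKALIKE), ("self-spoof", SELF_SPOOF), ("genuine", GENUINE)]:
        print(label, check_headers(raw))
```

Legitimate newsletters are often sent through a mailing service too, so a "sent-via-other-domain" label alone is a reason to look closer, not a verdict.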
The third and final scam I'll write about today was sent to a friend of mine and is similar to the Instagram hack in my first article. My friend received an email from a trusted colleague with a short request for a work bid and an attached PDF that the scammer said was for clarification of the request. My friend opened the PDF and it came up with a window asking for their email address and email password to open the document. If my friend had entered those fields, their email logins would have been sent directly to the scammer, who would then be able to take control of my friend's email account. Never give out your passwords. Never input your passwords unless you have chosen to go to a website where you have created an account and know that you are on the correct page. If someone you trust sent you a document and you think it's legitimate and then the document or link doesn't act as you'd expect it to, ignore it.