You receive an email that appears to be from E-ZPass. It uses the correct colors and logo and appears to be collecting money from an unpaid toll. The message says you have ignored previous bills and urges you to pay immediately by downloading an attached "invoice."
You download the attachment, but nothing seems to happen. Not true! You just downloaded a virus to your computer. These viruses scan your machine for personal and banking information, which opens you up to the threat of ID theft.
As always watch out for variations on this scam. As the con evolves, scammers might change to phishing phone calls or link to a compromised or fraudulent third party website instead of an email attachment.
How to Spot a Phishing Email:
• Watch for look alike URLs. Be wary of sites that have the brand name as a subdomain of another URL (i.e. "ezpass.scamwebsite(dot)com") or part of a longer URL (i.e. "ezpasspayyourtolls(dot)com.")
• Hover over URLs in emails to reveal their true destination. Scammers can make links appear to lead to a legitimate website, when they really point to a scam site, like the examples above.
• Don't open attachments from unfamiliar sources. Legitimate businesses rarely send unsolicited emails with attachments. Always confirm an email is real before you download anything.
• Consider how the business normally reaches you.
Most businesses send invoices by postal service, in the body of an email (no attachment) or by asking you to log into your secure account.
• Contact the business. When in doubt, call the business's customer support line to check the legitimacy of the email. Be sure to find the phone number on your bill or by a web search -- not the email or website the scammers gave you.
For More Information
To find out more about scams or report one, check out BBB Scam Stopper.