This Scam Poses as an Update to Your Spam Filter

  
     
Don't be so quick to update your computer software.
December 21, 2015

This scam has an ironic twist.  It's a phishing email that claims to be an update to your email service to protect against scam emails. Who says scammers don't have a sense of humor?

How the Scam Works:

You are at work, and you get an email that appears to be an update from your office's IT department. The message, with the subject line "Mailbox Helpdesk" (or something similar) informs you that "new security updates need to be performed on our servers, due to the rate of phishing." To get the update and protect yourself against these phishing emails, just click the link and log into the IT help desk. 

Don't do it! The "software" to protect your inbox from phishing emails is actually a phishing scam itself. Clicking on the link will download malware to your computer or mobile device. 

This scam is targeting business and college email addresses. Like many phishing scams that pose as office updates, such as emails from the scanner or voicemail, scammers are hoping busy employees or students will click without thinking. 

How to Spot a Phishing Scam:

  • Be wary of unexpected emails that contain links or attachments. Do not click on links or open files in unfamiliar emails.
  • Consider how the company normally contacts you. If a company usually contacts you by phone, be suspicious if you suddenly start receiving emails or text messages without ever opting in to the new communications. 
  • Don't believe what you see. Just because an email looks real, doesn't mean it is. Scammers can fake anything from a company logo to the "Sent" email address. 
  • Check your company's IT department or Internet service provider. If something sounds suspicious, confirm it by checking with authorities at your company or ISP. Contact them directly from a number you know is accurate. DON'T click on any links in the message you suspect is a scam. 
  • Be cautious of generic emails. Scammers try to cast a wide net by including little or no specific information in their fake emails. Always be wary of messages that don't contain your name, last digits of your account number or other personalizing information. Pay attention to the ways in which your IT department normally addresses concerns and be cautious of any new method.

For More Information

Read more about phishing on the FTC website and see examples of common phishing messages.  

To find out more about other scams, check out BBB Scam Stopper (bbb.org/scam). To report a scam, go to BBB Scam Tracker (bbb.org/scamtracker).