Do you open every email you receive, even from senders you don't know?
This scam looks like just another email message from your company’s IT department. It’s so mundane, it’s easy to click without thinking. But be sure to give this email a second look before you do.
How the Scam Works
You get an email that looks like a message from your company’s IT department. The version that hit BBB inboxes has the subject line “[name]@[company.com] update required” and appears to come from email@example.com. According to the message, your email has reached the storage limit, and “you will be blocked from sending and receiving messages.” The message instructs you to click a link to validate your account and add storage. In a clever move, the scammers even made the link look like your email address. But in the version BBB received, the link really points to a website with an overseas domain name.
Clicking the link takes you to a login form that asks you to enter your email address and password. If you do so, you receive a message confirming that the extra storage was added and the problem is fixed. But don’t believe it! The form is a fraud. It’s really a way to steal your email password, which opens you up to identity theft.
How to Spot a Phishing Scam:
- Be wary of unexpected emails that contain links or attachments. Do not click on links or open files in unfamiliar emails.
- Don't believe what you see. Just because an email looks real doesn't mean it is. Scammers can fake anything from a company logo to the "Sent" email address.
- Check with your company's IT department or internet service provider. If something sounds suspicious, confirm it first. Contact them directly using a number you know is accurate. DON'T click on any links in a message you suspect is a scam.
- Be cautious of generic emails. Scammers try to cast a wide net by including little or no specific information in their fake emails. Always be wary of messages that don't contain your name, last digits of your account number, or other personalizing information. Pay attention to the ways in which your IT department normally addresses concerns and be cautious of any new method.
- Use unique passwords: Use a different password for each account you create. This is a simple way to reduce your risk if one password falls into the hands of scammers.
For More Information
Read more about phishing on the FTC website and see examples of common phishing scams. To report a scam, go to BBB Scam Tracker (bbb.org/scamtracker).