The number of scam emails we've all been receiving has been increasing. Many of these emails state that they are from Google Ads, and the email looks exactly like or is very similar to real email actually coming from Google Ads, but these emails are not from Google at all. We also get phishing emails about Facebook accounts, from various banks where we have accounts, and so on. It's not just limited to Google Ads by a long way.
These are called "PHISHING emails" (sounds like FISHING).
PHISHING basically means "information theft scam". Phishing emails are a kind of email-based scam: an attempt to get you to hand over to the scammer your personal or sensitive information, like login details or credit card info. Phishing emails can look exactly like the real thing; the things we take as trust factors in emails are actually very easy to fake!
The worst of the phishing emails will encrypt the info on your computers and inform you that the only way to get access to your own data is to pay someone for a key code. This is Ransomware, and it can destroy a company. Take it seriously.
You are the only person who can protect yourself from being scammed. You need to know what to look for. We sent out a warning email to all our clients to inform them, which we are sharing with the general public here on this page.
What does a phishing email look like?
Phishing emails may surprise you as follows:
- They may have the exact accurate logo at the top of the email.
- They may appear to have the right links in them, at least visually, that look like they go to the real login page or website—but they don't!
- They may even have an accurate "return" email address that checks out just fine, and is the same email address that is given in the non-fraud version of the email.
- They may appear to come from perfectly legitimate "from" email addresses that check out just fine (except if you follow up you find out that this was not who actually sent the email).
- They may look exactly like the real thing, and stand up perfectly in a side-by-side visual comparison with an actual email from the real company.
Occasionally, the scam artist is imperfect in his set-up and you can spot a flaw (such as a typographical error or bad grammar) in one of these phishing emails. But it's not as common to see a flawed email as it is to see a perfect fake. Perhaps they send out the flawed emails just to lure you into false security, to make you think you know what the scam emails look like, to set you up to fall more easily for the perfect-looking ones.
Most email virus filters or SPAM filters will not find and remove a really well-made phishing scam email. It's not good to depend too heavily on these programs to keep you safe anyway.
So, how can I tell it's a scam?
The ONLY difference that needs to be there for it to be a phishing email is that when you hover over the link, or click on the link, it does not actually go where it says it does. Instead, it takes you to some other website, set up to be a fake account that LOOKS like the real website in every way. That fake website has only one purpose, to steal your information! If you enter your login information, the criminals will hijack your account at the real website and use it to run up bills on your behalf, transfer your money out, or the like. If you actually give them a credit card number, they will siphon as much money as they can out of that card, either all at once or in small regular amounts so as not to alarm you into cancelling the credit card.
It is highly probable that most phishing victims never even figure out there is a problem. I know of a few phishing victims that did not know they had been victimized until informed of it by me or other trained consultants.
What do I do with a phishing email?
There are places you can forward phishing emails to in order to get the perpetrators stopped.
Also, there is an official agency to report these to:
Report them, then delete them.
A phishing website's going to look wrong, right?
No. They often look exactly right. If you follow such a link, the fake website may even be able to interact with you and appear legitimate on the surface, all the way up to the point where you'd normally be seeing sensitive data such as your credit card number or personal details. They are sometimes put together very cleverly. They are designed to lull you into false security and it is a nasty trap.
The ONLY way to avoid this kind of fraud is to NEVER click on a link that comes to you by email. Even if you're absolutely sure it's from the real deal. Instead, use your own saved browser bookmarks, or go there directly by typing the address into your browser by hand. Always look at what is in the address bar at the top of your browser. And install whatever protections your browser has for keeping you from giving your money to a known phishing website. We always have MalwareBytes and Webroot SecureAnywhere running on our devices, to protect against going to websites that have known malware.
Please note that there are phishing emails being sent out about every kind of data: online accounts where one advertises, bank accounts, social media accounts, Amazon, eBay, PayPal, Instagram, TikTok, Facebook, YouTube, your email account providers, Social Security, Medicare, educational sites, and so on. Essentially, you can consider that if you have a login somewhere, you'll probably see phishing emails for it sooner or later.
Do not follow any link sent by any email of any kind and you should be safe against this kind of phishing attack. If you really MUST follow an email link, double-check the actual address you have been taken to in your browser before you EVER enter any information into a form there.
Here is more information on further actions you can take to protect yourself against fraud and phishing, from Fraud.org and the Cybersecurity & Infrastructure Security Agency (US).
It can be very difficult to repair a phishing breach: correcting a small slip-up involving an email scam may require cancelling credit cards and closing accounts, and can be a huge hassle. Please be vigilant! KnowBe4.com was founded by an old friend and co-worker of ours ("Hi, Stu! It's been a long time since Snow Software!") and exists solely to teach companies how to protect themselves. They offer "Security Awareness Training" and we highly recommend you use their services before you get hacked or scammed or become a victim of ransomware. The bigger your company, the more you need them.
If you've already fallen victim to a phishing scam, you need to stop up the gaps to protect yourself from further damage. Consult a lawyer for recourse options. Of course I am not giving legal advice here (I'm not a lawyer): my advice stops as soon as you've become a victim of this kind of criminal activity. But if it were me, I'd close down all affected accounts and then change my user name, email address and password combinations absolutely everywhere, no matter how much of a pain it seems or how unlikely to cause damage to the rest of your accounts it may seem to you. Doing this should help contain any further damage.
If you've already fallen victim to ransomware, then you may need to hire the services of a data recovery expert to get your files back (or recover them from backups), or just pay the ransom and learn from the experience.
Speaking of backups, you ARE backing up your computer files and your website (and its databases) every day and storing them off-site, yes? And keeping your passwords in some secure system such as MSecure? The systems to do this are easy to set up, easy to use, and vital to have in place in case you or a co-worker or spouse is hacked, phished, or your data is held ransom.