State consumer office warns of email phishing scam
The state Office of Consumer Protection warns local businesses about fraudulent emails that have been going out with its letterhead and a spoofed account.
The emails from the spoofed account, consumer.reports@cca.hawaii.gov, are part of a phishing scam, the office said, and an attempt to illegally obtain private information as well as to place malware on the victims’ computers.
Anyone receiving this email — which asks respondents to download a response form with a password — should not click any links associated with it, nor download any attachments.
“This email is an illegal attempt to deposit malware on the recipient’s computer,” said Stephen Levins, executive director of the Office of Consumer Protection, in a news release. “The Office of Consumer Protection never requests a business to download a password protected file through a link, like the one referenced in the email.”
The phishing correspondence addressed to business owners says: “We are formally notifying you of a claim submitted against your company with the Office of Consumer Protection. Your company has a rebuttal period of 7 business days from the receipt of this notice, to respond to the claim. The response must contain a final rebuttal and be no more than 5 pages in totality.”
The email goes on to say that there is a downloadable response form and instructions attached, and provides a fake, nine-number password. It tells the recipient that the response must be sent using the form.
“If we have not received notification from you within the allotted time the claim will [be] awarded to the party filing the claim,” the email goes on to say, “and they may take further action if they choose to do so, depending on the severity of the claim.”
In phishing scams, the office said, scammers use email or text messages to trick people into giving them their personal information and to steal passwords, account numbers, or Social Security numbers in order to access email and bank accounts.
Scammers launch thousands of phishing attacks like these every day, the office said, and are oftentimes successful.
The following is a list of tips to avoid phishing scams:
>> Do not click on any links listed in the email message, and do not open any attachments contained in a suspicious email.
>> Do not enter personal information in a pop-up screen. Legitimate companies, agencies, and organizations do not ask for personal information via pop-up screens.
>> Install a phishing filter on your email application and web browser. While these filters will not keep out all phishing messages, they will reduce the number of phishing attempts.
>> If you aren’t 100% certain of the sender’s authenticity, don’t click on attachments or embedded links; both are likely to result in malware being installed. Instead, open a new browser window and type the URL directly into the address bar. Often, a phishing website will look identical to the original. Check the address bar to confirm the address.
>> Similarly, never submit confidential information via forms embedded in or attached to email messages. Senders are often able to track all of the information you enter.
>> Be wary of emails asking for financial information. Emails reminding you to update your account, requesting you to send a wire transfer, or alerting you about a failed transaction are compelling. However, scammers count on urgency to blind you to the potential for fraud.
>> Don’t fall for scare tactics. Phishers often try to pressure you into providing sensitive information by threatening to disable an account or delay services until you update certain information. Contact the merchant directly to confirm the authenticity of the request.
>> Be suspicious of social media invitations from people you don’t know. Phishers rely on your natural curiosity to click on the person’s profile “just to find out who it is.” However, in a phishing email, every link can trigger malware, including links that appear to be images or even legal boilerplate; scammers use your hijacked account to send spam to your friends, because spam from real accounts is more believable than spam from a fake account.
>> Watch out for generic-looking requests for information. Many phishing emails begin with “Dear Sir/Madam.” Some come from a bank with which you don’t even have an account.
>> Ignore emails with typos and misspellings. Recent real examples targeting TurboTax include “Your Change Request is Completeed” and “User Peofile Updates!!!”