Consumer Protection Division Reports Significant Increase In Spear Fishing Scams
Utah’s Consumer Protection Division is reporting a significant uptick in spear fishing scams.
These scams are more common and effective right now because people are home more than usual and also tuned in to helping others in serious financial need more than usual.
WHAT ARE SPEAR FISHING SCAMS
These scams are done via impersonation of an acquaintance, friend or person from your business asking for money, usually via gift cards.
They may contact you through email or text message and appear to be from a legitimate contact of yours.
GIFT CARDS ARE FOR GIFTS, NOT PAYMENTS
Gift cards are for gifts, NOT payments.
Gift cards are a popular and convenient way to give someone a gift. They’re also a popular way for scammers to steal money from you.
That’s because gift cards are like cash: if you buy a gift card and someone uses it, you probably cannot get your money back.
Gift cards are for gifts, not payments. Anyone who demands payment by gift card is always a scammer.
Anyone who demands payment by gift card is always a scammer.
PROTECT YOURSELF FROM SPEARFISHING SCAMS
The use of spear phishing attacks to steal personal information and money remains a widespread problem. There are several steps you can take to help protect yourself—and your co-workers—from spear-phishing attacks, including:
Verify the email or text message with the sender.
Call the sender directly and ask about the email or text.
Scammers prey on people’s desire to respond quickly to requests from their friends, boss, or supervisor.
Taking the time to verify the email or text message could save you and others much more time and money down the road.
Read suspicious emails and texts carefully.
People often recognize that an email or text message is a scam when words are spelled incorrectly or there are grammatical mistakes.
Sometimes a scam email or text message is written in a tone that is different from the one the sender usually uses, or the sender might use a different version of your name—for example, an email is addressed to “Thomas,” but everyone calls you “Tom.”
If something seems off, verify that the email or text message is legitimate before responding.
Check the “from” email address.
Make sure that the “from” email address matches your company’s email address format or your contact’s email format.
Many email programs automatically display only the name of the person sending the email, rather than the full email address.
Before you send sensitive information or money in an email, make sure you are not sending the information or money to an outside email account where it is no longer secure.
If the address matches your company’s email format—or even the sender’s real email address—you should still verify suspicious emails or text messages directly with the sender.
Some scam artists hack email accounts or use technology to “spoof” their email address to make the emails look like they are coming from a legitimate source.
Guard personal information carefully.
There are often safer ways to relay sensitive information than in an email. Check with your company about its security policies
Contact your company’s technology department.
Many companies have security protocols that protect the information in their systems from attack.
It can be best to refrain from “clicking” on a link or downloading an attachment in suspicious emails, as doing so could jeopardize your company’s computer system.
Many email programs allow users to forward emails without opening them.
You may wish to ask your computer’s technology department about how to safely forward any suspicious emails you receive to a specialist
Be vigilant on the go and when you’re teleworking.
Company-issued laptops and smart phones may also be vulnerable to attack.
Smart phones, in particular, may be subject to spear phishing text messages, which can cause as much damage as an email can.
Don’t feel rushed by strange requests that come while you are out of the office.
REPORTING SPEAR FISHING SCAMS
You may report Internet fraud to the Federal Bureau of Investigation’s Internet Crime Complaint Center online at www.ic3.gov.