Phishing scams can be hard to spot. For example, we’ve been hearing about one where people get a text message saying that there’s a package waiting for them, and asking them to click a link to learn more. Sounds innocent enough, right? Unfortunately not.
The messages are coming from scammers. In some cases, they’re targeted at college students. In that version, scammers text returning students to say there’s a package waiting for them — sometimes claiming it’s been waiting since last spring, when many students had to go home from campus quickly.
Whatever the message is, this rule stays the same: If you get an unexpected text message about a package, don’t click on any links. If you think the message could be legit, contact the company using a website or phone number you know is real. But don’t use the information in the text message.
Why do you want to avoid clicking the link? Once you click, they can trick you into giving personal information — letting scammers steal your passwords, account numbers, or Social Security numbers. Clicking these links could also let scammers download malware onto your device.
Be sure to watch out for Russian phishing scams. This one in particular has sent fake invoices to an administrative email address through PayPal (as seen in screenshot) and also sent through the postal service. They most likely get your information from somewhere in GoDaddy’s systems and then pose as GoDaddy itself to try to get money out of you, or even use the payment information to steal your identity.
In this example, you can see that the GoDaddy image they used through the PayPal invoice is not the actual GoDaddy logo. Then below that, you can see that the person sending the invoice is obviously Russian. Make sure you don’t use PayPal for paying ANYTHING without confirming with the actual source first.
If you’ve gotten a fake invoice through PayPal, forward them the email to firstname.lastname@example.org and they’ll investigate it for you.
“Scammers are leveraging the COVID-19 pandemic to steal your money, your personal information, or both. Don’t let them,” the FBI said. “Protect yourself and do your research before clicking on links purporting to provide information on the virus; donating to a charity online or through social media; contributing to a crowdfunding campaign; purchasing products online; or giving up your personal information in order to receive money or other benefits.”
Unsolicited emails that prompt you to click on an attachment should always raise a red flag when you’re checking your inbox. But these classic email phishing scams still lure unsuspecting users into downloading malicious items and giving up their login information every day.
With the news that the government is going to issue payments of up to $1,200 in coronavirus relief to US taxpayers in the coming month, the FBI recently issued a warning to be on alert for attackers masquerading as the agency and asking for personal information supposedly in order to receive your check. “While talk of economic stimulus checks has been in the news cycle, government agencies are not sending unsolicited emails seeking your private information in order to send you money,” the warning said.
Among other steps to create a safer inbox, the US Cybersecurity and Infrastructure Security Agency recommends turning off your email client’s option to automatically download attachments. Not all email clients offer this and each client is different, but some do. Because social engineering attacks — scams designed to persuade you to hand over your sensitive information by targeting specific information about you — have become increasingly common in times of crisis, it’s also a good idea to read up on how to identify these security risks.
And remember, never reveal personal or financial information in an email, or respond to requests for it.