Phishing and Email Scams
Phishing is a type of online scam where criminals send an email that appears to be from a legitimate company and ask you to provide sensitive information. This is usually done by including a link that will appear to take you to the company’s website to fill in your information – but the website is a clever fake and the information you provide goes straight to the crooks behind the scam.
The term ’phishing’ is a spin on the word fishing, because criminals are dangling a fake ’lure’ (the email that looks legitimate, as well as the website that looks legitimate) hoping users will ’bite’ by providing the information the criminals have requested – such as credit card numbers, account numbers, passwords, usernames, and more.
See just how clever these phishing scams can be in this example of a fake Charles Schwab notice. The following image highlights clues that will tip you off that this is indeed fraudulent.
Here are some clues indicating this email is actually a scam:
- The email is not addressed to the recipient. If the recipient was truly being notified by Charles Schwab that there was an issue with their account, they would know the recipient’s name.
- Again, they don’t know the recipient’s name;"Dear Customer" isn’t an identifier.
- The recipient hasn’t attempted to sign into a Schwab account, so could not have exceeded the number of attempts allowed.
- Grammatical errors: The words Online Banking are capitalized throughout the text. And, if you read carefully, the text says "Please visit www.schwab.com/activate Reset Account your account" which clearly doesn’t make sense, but since most people scan emails quickly, grammatical errors that are this small usually don’t get noticed.
- They try to reassure recipients by encouraging them to confirm the email is from Schwab….. by using a link they provide.
- Look at the 6th flag; this shows the true email address displayed when you hover your mouse over any link on this page (which is a red flag in itself, what company would have all of these actions point to the same link?). See that the website is actually http://almall.us? The scammer added the words /schwab.com/ after their website’s true name in an attempt to look legitimate, but this site is anything but legitimate.
Seeing any one of these flaws is enough to tell you the email is a phishing attempt – but what if these errors aren’t present?
A smarter scammer could have corrected all these mistakes, including knowing the recipient’s name and email address, and masking their URL in a much more convincing manner. If they had done a better job there would have been nothing in the message to trigger your alarm bells – even though the email would still be fake.
So how can you guarantee you don’t fall for a phishing scam?
Applying these two actions consistently will help to protect you from online scams:
- Call the Union hall for verification if you are unsure. Do not click on the links or you will potentially expose your computer to a Virus.
- If there is any monies owing to the union hall you will be notified by mail( not email) the amount and the methods of payment.