Who’d a thunk it?
After all these years of me speaking with my kids, I never would have believed they’d click on an eMail from “Facebook”, notifying them that they need to change their password.
At least right after they did that, they called me up to ask what they should do. One can only hope that the hackers were not quick on the draw to gain access to their friends’ data (as well as my kids’).
I’ve always told folks to never, ever click on such eMails. If one were to do anything, one should hit reply and examine the address from which the eMail came. (I actually check the headers, but some folks find that effort too difficult. This is simpler, but far less conclusive.)
If the “Facebook” address appears as support@facebook.hackersanonymous.com (or support@facebook.one.com or any other domain), it should be obvious. Oh, sure, it says facebook, but it’s not facebook.com.
The same rule applies if you get a request from PayPal and the return domain is not paypal.com (most likely, the eMail came from service@pay-pal.com). Or chase.com or irs.gov. If the request doesn’t come from the domain you know and love (or is that know and hate), then do nothing.
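The domain check described above can be written down as a short Python sketch. This is an added example, not part of the original post: the `TRUSTED` list and the function names are assumptions, and it goes one step beyond the text by also flagging one-character misspellings of a known name.

```python
from email.utils import parseaddr

# Domains named in the post; extend with the services you actually use.
TRUSTED = ("facebook.com", "paypal.com", "chase.com", "irs.gov")


def sender_domain(from_header):
    """Return the lower-cased domain of the address in a From: header."""
    _, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower().rstrip(".")


def edit_distance(a, b):
    """Levenshtein distance, to catch one-character misspellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(from_header):
    """Return 'trusted:<domain>', 'lookalike:<domain>' or 'unknown'."""
    domain = sender_domain(from_header)
    for good in TRUSTED:
        # Exact match, or a genuine subdomain such as mail.paypal.com.
        if domain == good or domain.endswith("." + good):
            return "trusted:" + good
    for good in TRUSTED:
        brand = good.split(".")[0]
        for label in domain.split("."):
            # Brand name (or a near-miss, hyphens ignored) used as a label of
            # somebody else's domain: facebook.one.com, pay-pal.com.
            if edit_distance(label.replace("-", ""), brand) <= 1:
                return "lookalike:" + good
    return "unknown"


# Constructed sample headers, using the addresses quoted in the post.
SAMPLES = [
    '"Facebook" <support@facebook.hackersanonymous.com>',
    "support@facebook.one.com",
    "PayPal <service@pay-pal.com>",
    "PayPal <service@paypal.com>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{classify(header):22} {header}")
```

A `trusted` result only means the displayed domain matches; the From: line can be forged, which is why this check is less conclusive than reading the full headers.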
That also applies if some jerk sends you an invoice. Because nowadays, it’s not just Word documents that can carry a virus; so can an Adobe portable document (PDF), Excel (XLS), etc.
These are the sort of schemes that hackers have started using against students, who seem to be easily subject to such fraudulent requests, despite the fact that they probably know social media better than the rest of us.
It seems that a bunch of hackers have been sending fraudulent emails to students, hoping to glom onto the refunds these folks may be due. The system sends all their student aid to the school bursar, which means their tuition and fees bills are fully paid, but the school needs to transfer the balance to the student, so books, meals, etc. can be paid by them.
Just like the eMail my children received, a phishing attempt traverses the college’s website for students. The eMail may claim “updated billing statement issued”, with instructions to deal with the bill, instructions that only hand the student’s personal information to the hackers.
Yes, this means these thieves have already figured out the weaknesses of the college (or university) mail systems. (Many schools do not use two-factor or multi-factor authentication to keep their communication systems secure.)
The thieves are seeking those excess student aid funds, those dispensed by the US Department of Education to the higher education institution the student attends. The university will then proffer a variety of means for the student to obtain the funds; a debit card or a bank deposit are the most common.
The hackers then divert the destination to their own bank account, meaning the student never sees the money expected.
Caveat lector!!!!!!
I consider myself fairly savvy though I very nearly fell for a Gmail scam like this, where you get ‘logged out’ and have to enter your password on a screen that looks exactly like Gmail. If only low-lying scum like internet thieves could use that type of creativity and channel it towards putting something positive out into the world, who knows, it could actually contribute to the world being a better place!
As long as we fail to be diligent, these guys will continue to exploit our failures, Megan.
Once a hacker got into our system and was downloading files to hold for ransom. Luckily, they were thwarted around the letter H. Now, twice a year, we are required to take an on-line test on spotting fraudulent emails. It’s not a bad practice.
Those demands for ransom serve as a great (but belated) wake-up call, Trish!
🙁
I fell prey once to a scam but was able to sort it out in time by getting hold of the scammers and giving them such an earful that they returned the money. Of course, I also reported them to the authorities. This was in the early days of scamming and I got so lucky!
That’s a great tale, Jessica. Glad that you came out whole!
ALL of this is great advice. I’ve been taught, in security training my employer requires, that the only safe attachment is a .txt
The hackers also will use domain addresses with such subtle spelling differences you will never catch it if you read it quickly.
Thank you for those great additions, Alana!
Thank you, Roy, informing article!
Thank you for the visit and comment!
omg!!! thanks for the post I’ll keep in my mind before ever replying or following the instruction of such emails.
Glad to give advice to keep you safe, Richa.
So true 🙂 I have learned to check for the email id first.. even so, I actually do not click on the link itself. I log in directly into my account through the website and then check for any updates or messages if needed.. 🙂
That is a safe approach, Vidya!
There are hackers and crooks galore. One can never be too careful.
Interesting take on that, Alice.
This is such a great reminder for those that click links. I do like you, I pull down the info and check the address on just about every email. I never click a link even if it’s from a friend, instead I type it out. I have received so many Paypal and bank emails saying my account was frozen because they think someone hacked it. Ya right, it’s whoever sent the email to me! Thanks for keeping everyone on their toes!
Great advice to share, Martha!
I fear too many of us are inured to mindless clicking, only to find we’ve been subject to click bait.