Grace Hill Training Tip of the Week
Is that you, Boss? Don’t Fall for the Latest Scam
You may have read about, or been the victim of, an email scam that’s getting attention lately.
It goes like this: You get an email from your boss asking you to buy gift cards for clients. It’s urgent. The cards must be purchased right away. After you purchase the cards, you get instructions to email pictures of the codes on the backs of the cards to your boss. Eventually, you find out the email wasn’t from your boss at all. You’ve been scammed.
One of the best ways to avoid becoming the victim of a scam like this is to be vigilant and aware of things that don’t look or feel quite right. You and your common sense are your best defense.
Think about who is asking you to do something, or asking for information. Does this seem like something the “sender” would typically do? Does the wording seem like something that person would really say? Are there spelling or grammatical errors? If anything seems off, it probably is.
Pay attention to details like the sender’s email address and links in emails. Always be skeptical. It is often difficult, if not impossible, to know for certain who sent an email. If you have any doubts, before responding or clicking on anything, call or talk to the “sender” in person to verify the email is legitimate. For example, if the email looks like it came from your boss, call him or her to confirm before taking any other action.
Don’t click on links in emails or attachments if you aren’t sure what they are, or if they are unexpected or strange. Researchers have found that cybercriminals use the following tactics to get people to click on a link in an email:
- They address you by name in the email
- They craft the message in a way that is meant to make you curious
- They spoof a known sender
- They match message content to one of your recent experiences, such as shopping on a specific website
Sometimes a link masks the actual website to which it links. If you hover over a link without clicking it, you’ll notice the full URL of the link’s destination in a lower corner of your browser. If this looks at all suspicious, don’t click it! Be extremely cautious in these situations, as cybercriminals can put any company name in a URL to make you think it is real. Only visit websites by typing a verified address directly into a new browser address bar. You can also use a free link scanner (such as URLVoid) to check links you think are suspicious. This service helps you identify websites involved in malware, phishing, and other criminal activities.
Make sure you report anything suspicious to your supervisor and IT department immediately. Getting the word out about the scam will help ensure that none of your coworkers will fall victim.