I can’t count the number of times I’ve shared information about up-and-coming scams, helping consumers learn the signs to protect them from becoming victims of fraud. So the last thing I expected was to come close to becoming a victim of one of the phishing scams I regularly warn you about! Let me tell you my story about how I nearly got scammed…
Many of you know me as the person behind our blog, Facebook and Twitter accounts, but you may not know is that another big part of my job is media relations. Our office gets hundreds of media calls a year about various consumer issues, and I work with reporters to share information about the laws we oversee.
So what does all this have to do with my story of almost getting scammed? A few months ago I got the following email from a reporter I had spoken to in the past:
Clicking on the “View here” link in the email brought me to a website that looked a lot like a real file-sharing site – only it prompted me to enter in my email address and password. Strange. Listening to my gut, I sent the reporter back an email to his known address, asking him if he actually sent the email and if he could send the file using another method. Also, to be on the safe side, I called the reporter’s telephone number to talk to him (but it went straight to voicemail). Soon after, I got a follow-up email:
Still feeling weird about the whole thing, I opted not to follow through and figured the reporter would call me back if he was indeed on a deadline. Later that night, the reporter sent out a tweet that his email account had been compromised and that it was a scam.
Why did this scam nearly work?
Many phishing emails come from people you’ve never heard of, promoting you to quickly delete the email. In this case, it appeared that it was from someone I knew and had worked with in the past. We already had a business relationship, and I had a work-related obligation to assist (this appeal to familiarity is also how the grandparent scam works). Another reason the scam nearly worked was because all the sender’s contact information, from the email address to the cell phone number and the fax number, was correct! Phishing scammers normally insert in their own contact information in case you happen call to verify the email.
What were the tell-tale signs this was a scam?
The first clue was that I was blind copied on the email and the message content was not personally addressed to me. The second was the use of grammar, as the punctuation and capitalization was a bit off. The final, and most important, sign was that my gut was telling me something was not right.
How can you protect yourself from similar scams?
Keep all your personal information, including your email address and password, private. Delete emails that ask for sensitive information, even if they look legit. Finally, the biggest takeaway is to ALWAYS trust your gut: it saved me from being a fraud victim in this circumstance (and hopefully it will in yours, too, if you’re ever in a similar situation).