SCAMS: New Email Scams!
Jamie Beckland, a chief product officer at the tech company APIContext, said he received a PDF document attached to an email that contained his name, address, and a photo of his house. Beckland told HuffPost that the email “made outrageous claims about my private behavior and claimed to have video documentation captured from spyware on my computer.” And that’s not all.
“The scammer threatened to release the video if I didn’t pay them via Bitcoin,” Beckland told the outlet.
Beckland is among a growing number of people targeted in the latest phishing scam that involves using photos of potential victims’ homes. Phishing is a cybercrime in which scammers send fraudulent emails and text messages or make phone calls to steal passwords, credit card numbers, bank account information, and other important personal data.
In the latest scams, con artists try to convince individuals that they have incriminating information about them. The scammers say they will share this information with the potential victims’ contacts unless a specific amount of money is paid in cryptocurrency, like Bitcoin.
According to Al Iverson, a cyber expert and industry research and community engagement lead at the software company Valimail, the senders likely found email addresses from a prior data breach that leaked personal information and then created an email using photos of local homes from Google Street View, a feature of Google Maps.
If you get a similar email, there are steps you can take to determine whether it’s a scam:
1. Compare your house and street imagery on Google Maps
Most images scammers use are taken from Google Maps and other online sources. Beckland told HuffPost he confirmed that the email he received was a scam by comparing the image in the PDF sent to him to the Google Maps Street View of his house. Beckland says if the image is copied from the Internet, it’s “clearly not legitimate.”
2. Closely examine the sender’s email address
Iverson suggests verifying the unknown sender’s email address to determine if it’s legitimate. “Check whether the sender’s email domain matches the official organization’s website,” Iverson told HuffPost.
To do this, go to the sender’s display name, take your pointer, and hover over the name to see what email address pops up. In some cases, you can highlight the display name and click on the down arrow at the end of the display name to see the email address.
Scammers typically spoof a display name to make it seem as if it’s from a legitimate source. However, if the email address is not legitimate, the email domain will not match the display name.
If you use Gmail, Iverson says to “look for ‘show original message’ and review SPF, DKIM, and DMARC results.” These email authentication checks verify the sender’s domain, which helps prevent spam, phishing attacks, and other email security risks. To find “show original message”:
1. Click on the three-dot menu at the top right of your email.
2. Click on “Show Original.”
If the email is legitimate, it will say “PASS” next to SPF, DKIM, and DMARC. “All three should ideally pass authentication checks,” Iverson told the outlet.
Fraudsters have become experts at masking domains. Because of this, watch out for “lookalike” domains with slight spelling variations. Iverson said that if something seems too good (or bad) to be true, it probably is.
3. Beware when you see your own email address
People may take a second look when they see their own email address sent to them. Fraudsters know how to spoof your email address in the “from” address header.
“These scammers don’t have the time or ability to actually hack into your email accounts,” Iverson told HuffPost. “They haven’t found some secret treasure trove of compromising photos. They’re just trying to scare unsuspecting people into coughing up money (or Bitcoin).”
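The SPF, DKIM, and DMARC review from step 2 and the own-address spoofing from step 3 can be checked together on the raw text that “Show Original” displays. The script below is an added example, not part of the original article; the sample message, the receiving server name `mx.example.net`, and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the From header spoofs the recipient's own address and
# the receiving server (hypothetical mx.example.net) recorded failed checks.
RAW = """\
Authentication-Results: mx.example.net;
 spf=fail smtp.mailfrom=bulk.invalid;
 dkim=none;
 dmarc=fail header.from=example.org
Authentication-Results: forged.invalid; spf=pass; dkim=pass; dmarc=pass
From: "Your Account" <me@example.org>
To: me@example.org
Subject: I have a video of you

Pay in Bitcoin.
"""

def auth_results(msg, trusted_authserv):
    """Read spf/dkim/dmarc verdicts, but only from our own server's header."""
    verdicts = {"spf": "missing", "dkim": "missing", "dmarc": "missing"}
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, body = header.partition(";")
        # A sender can pre-insert a header claiming "pass"; skip any header
        # that was not stamped by the server that received the mail for us.
        if authserv.strip().lower() != trusted_authserv:
            continue
        for method, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", body, re.I):
            verdicts[method.lower()] = verdict.lower()
    return verdicts

def triage(raw, trusted_authserv, my_address):
    """Return a list of findings; an empty list means nothing was flagged."""
    msg = message_from_string(raw)
    _, sender = parseaddr(msg.get("From", ""))
    verdicts = auth_results(msg, trusted_authserv)
    findings = [f"{m}={v}" for m, v in verdicts.items() if v != "pass"]
    if sender.lower() == my_address.lower() and verdicts["dmarc"] != "pass":
        findings.append("own address in From without passing DMARC: spoofed")
    return findings

if __name__ == "__main__":
    for finding in triage(RAW, "mx.example.net", "me@example.org"):
        print(finding)
```

A “PASS” only shows that the message was authorized by the domain in its From address, so mail sent from a lookalike domain can still pass; compare the domain itself against the official one as well.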
4. Do not click on unfamiliar links, especially those related to payments
It’s common to receive an email that tells you to click on a link for more information. But, if the link is unfamiliar or looks questionable, do not click on it, Zarik Megerdichian, founder of Loop8, a company that protects personal data and privacy from data breaches and hackers, told HuffPost.
“Exercise caution any time you’re asked to click on a link in an email,” Megerdichian told the outlet. “Bitcoin transactions are irreversible, as are many other common payment methods, including Cash App and Zelle.”
Megerdichian further stated that you should cancel your credit cards, monitor your bank accounts closely, and dispute fraudulent charges if a scammer has accessed your financial information.
5. Update and change your passwords
If you suspect that your personal information has been compromised due to a scam, Yashin Manraj, CEO of Pvotal Technologies, which develops secure technology infrastructures for businesses, recommends that you immediately change all of your passwords.
“Use a new email address if possible and move critical financial or utilities to it, and then start reporting the case to the local police, the FBI and making sure your family is aware of the potential threat of a public shaming in the unlikely event that they did manage to steal some compromising data,” Manraj told HuffPost.
6. Do not negotiate with the scammer
Manraj advises not to negotiate with a scammer because responding to the email may place you on call logs and target databases that will make you vulnerable to further attacks.
7. Isolate Your Home Network
Another recommendation is to separate your home network with a different Wi-Fi network or router and use a virtual private network (VPN) for internet connections.
8. Be Careful on Public Forums
Avoid asking for specific help on public forums, particularly when uploading logs or error messages.
“Be especially careful when using virtual numbers and password managers on unpopular websites to avoid reusing personally identified information that could be used to access your important financial services,” Manraj told HuffPost.
9. Be cautious about the data you share going forward
Remember that personal data is a commodity, and businesses often collect more information than necessary to complete a transaction. When signing up for new websites or downloading apps, Megerdichian cautions against oversharing.
“Always ask yourself, do they really need to know that? It’s up to consumers to be proactive when it comes to their personal data,” Megerdichian told HuffPost.
How to report phishing scams
If you think a scammer has your information, like your Social Security, credit card, or bank account number, the Federal Trade Commission (FTC) recommends going to IdentityTheft.gov, where you will find specific steps to take based on the information that you lost.
You can also report phishing attempts to the FTC at ReportFraud.ftc.gov.
Source Links:
https://www.buzzfeed.com/poojashah1/new-email-scam-house-address
https://consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-scams