The phone rings. The caller ID says it’s your attorney’s office. When you answer, you are told you owe your attorney additional money and are directed to call a toll-free number. When you call the number, you are told how to pay the money owed to your attorney. Would you pay?
This scenario is just one of many recent spoofing and phishing scams playing out across the country. Spoofing occurs when the scammer makes a call or email appear as though it originated from somewhere else, while phishing occurs when the scammer tries to trick you into revealing sensitive information. As the scammers’ sophistication continues to grow, it is becoming increasingly difficult to determine whether the phone call or email you received is legitimate.
For example, one recent scam attempt involved an email purporting to be from an organization’s CEO to its human resources and accounting departments asking for employee W2 information. These sorts of scams are possible due to the plethora of publicly available information. Phishers are able to determine the key players in an organization and target them, using emails that appear as if they are coming from other employees.
Another scam being perpetrated is an email that appears to be from your attorney asking you to look at the attached contract and fill in the applicable areas. The link contains a virus which can give another individual control of your computer, access to your personal information, etc.
With spoofing and phishing increasing in sophistication, what can you do to protect yourself and your company? Listed below are several tips to help you stay protected:
- Maintain updated anti-virus, anti-spyware and firewall software
- Pay attention to:
  - The email address – Is it from a suspicious domain name (ex. cozen.om)?
  - Who the email is from – Do you know them? Is this an unexpected email or unusual email with an attachment or link? Was it sent to a group of people who normally would not be cc’d together?
  - The tone of the email – Is this email out of character for the person who sent it?
  - The subject line – Does the subject match the content of the email?
  - Any links – When you hover over the link, is the link to a different web site? Is the link spelled correctly (ex. www.cozzen.com)?
- If you have any doubts, contact the sender by phone.
- Verify any payments required by calling a phone number you have or found independently of the call or email.
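
The domain and link checks in the list above can also be automated at a mail gateway or in a triage script. The following is an added example, not code from the original article: it flags sender and link domains that are within two character edits of a trusted domain, and links whose visible text shows one site while the target is another. The trusted domain `cozen.com` is an assumption inferred from the article's two examples, and all function names and sample values are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Assumption: the organisation's genuine domain(s), inferred from the article's examples.
TRUSTED = ("cozen.com",)
# Constructed sample message: spoofed sender plus a link whose text and target differ.
SAMPLE_SENDER = "partner@cozen.om"
SAMPLE_LINKS = [("www.cozen.com", "http://www.cozzen.com/contract")]

def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def host_of(value):
    """Lowercase host from an email address, URL or bare hostname (leading www. dropped)."""
    value = value.strip().lower()
    if "@" in value and "://" not in value:
        return value.rsplit("@", 1)[1]
    if "://" not in value:
        value = "//" + value  # lets urlparse treat a bare hostname as a network location
    host = urlparse(value).hostname or ""
    return host[4:] if host.startswith("www.") else host

def lookalike_of(host, trusted=TRUSTED, max_distance=2):
    """Return the trusted domain that host imitates, or None if genuine or unrelated."""
    if any(host == g or host.endswith("." + g) for g in trusted):
        return None
    return next((g for g in trusted if edit_distance(host, g) <= max_distance), None)

def check_email(sender, links):
    """links is a list of (visible_text, href) pairs; returns human-readable findings."""
    findings = []
    sender_host = host_of(sender)
    if lookalike_of(sender_host):
        findings.append(f"sender domain {sender_host} resembles {lookalike_of(sender_host)}")
    for text, href in links:
        target = host_of(href)
        if lookalike_of(target):
            findings.append(f"link host {target} resembles {lookalike_of(target)}")
        # Only compare when the visible text itself looks like a web address.
        if re.match(r"(https?://|www\.)\S+$", text.strip(), re.I) and host_of(text) != target:
            findings.append(f"link text shows {host_of(text)} but goes to {target}")
    return findings
```

A finding from this check is a reason to verify by phone, as the list above advises; a clean result does not prove a message is legitimate, since the check does not cover display-name spoofing or compromised genuine accounts.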
As phishers continue to increase their sophistication and abilities, individuals and companies need to continue increasing their security measures and knowledge.