Scam of the Month...Email Update SCAM

Medfield MA

02 November, 2021

10:07 PM

Description

Medfield's Computer Mom, Julie Marto, shares her thoughts.... November's Scam of the Month, the "Email Update Scam" "I see so many scam and hack attempts that I am adding a feature to my newsletter - Scam of the Month. In these articles, I hope to explain common scams, how to avoid them, and what to do if you fall for one. The Scam of the Month for November is the email update scam, probably the most common scam I see right now, and one that many of you have been affected by. How it works: The email update scam attempts to steal your email credentials by scaring you into clicking on a link to "update" your email settings. You get an email pretending to be from your email provider, usually AOL, Yahoo, Verizon, Microsoft, or Comcast. The email has an urgent call to action, telling you that they have made changes to their system and this is your last warning - if you don't click on their link and update your email credentials, you will lose access to your email account. You often find these emails in your spam mailbox, where they belong, but some make it through the spam filters, and show up in your regular mail inbox. They can look very convincing, with accurate logos and email addresses that seem official, but often they have flaws you can detect if you look closely, like poor English grammar, or return address domains that don't correspond to the site they pretend to be from. What they are trying to do: This is a straightforward phishing ploy to steal your email credentials and gain access to your email account and your contacts. If you click on the link and type in your email address and password to "fix" your account, the criminals record that information, and can now log into your email account. Once they have access to your email and contacts, they can set in motion whatever scam they have in mind. The most common scam I see when email addresses have been hacked is the gift card scam, where all of your contacts get an email asking them to buy a gift card for you as a favor. Other scams I've seen involve communicating as you with your bank, trying to authorize a wire transfer of your funds. Your email address might also be used to send spam, or for other criminal activity. What else can happen: Once a scammer gains access to your account, they typically put email filters in place to hide their activity from you. They also often create a lookalike account with your name on it, and add all your contacts to that account. so they can continue to attempt to scam your friends even after they have been kicked out of your real account. I have also seen them delete all your legitimate emails, and all your contacts, so you cannot warn your friends about the scam. In a few worst case scenarios, I have seen hackers set up their own two factor authentication on stolen email accounts, locking out the original owner,who loses control of the account forever. You don't want that to happen! How to avoid the scam: Your email provider will NEVER send you a message with a link saying you need to log in to update settings. If you get an email like that, you should ignore the instructions and delete it, especially if it's in your spam folder. If you are truly concerned that it might be a legitimate change, don't use the link provided. Go directly to your email provider's website (www.aol.com, www.yahoo.com, www.outlook.com, etc) and log in from there. What if you fall for it: If you have given your email credentials to scammers, time is of the essence. Very often, the first way you know you have become a victim of this type of scam is through your friends, questioning emails "you" sent asking for gift cards. The first step is to change your email password, which should kick the scammers out of your account. However, there are other cleanup steps that need to be taken - filters removed, forwarding email addresses found and removed, application specific passwords revoked, and attempted recovery of deleted emails and contacts. The sooner we eject the scammers from your account, the less damage they can do. You should alert your friends that you have been hacked, and warn them to be on the lookout for strange messages from you. You should also tighten up your email security settings, adding two factor authentication, and notify your financial institutions that your email has been compromised. Be very careful out there - these hackers are good at what they do, and these types of attacks are on the rise. It's much better to avoid the scam than to have to clean up after it!" Learn more from Julie!