Happy new year! Today’s first scam of 2015 is one that appeared in my own email. The email is reproduced below and was accompanied by an accurate depiction of the Sun Trust logo. This is an example of a not very sophisticated phishing email. Phishing emails or text messages appear to be legitimate and lure you into clicking on a link under various pretexts. DO NOT CLICK ON THE LINK. Clicking on the link will bring about one of two things. In the first scenario, you will be prompted to provide personal information that will be used to make you a victim of identity theft. The second scenario is even worse. By clicking on the link, you will download keystroke logging malware that will steal all of the information from your computer and use it to make you a victim of identity theft and provide the identity thief with access to your banking information and all the other sensitive personal information contained on your computer. The email I received is indicated below.
Your incoming messages were placed on pending due to our recent upgrade.
You have 1 new Security message From SUN TRUST BANK. Click the secure link below to confirm your account.
Security Adviser, ATM/debit card
Copyright © 1999 – 2014 SUN TRUST. All rights reserved.
Obviously if you do not have an account with Sun Trust or the purported sender of the email, it is easy to know that the email is a phishing scam. However, even if you did have an account with the sender this email had a number of other tell tale signs that it is a scam. First, the email of the sender was a personal email rather than an email indicating that it was from Sun Trust. Most likely the email was sent, as many of these are, from the computer of an innocent person whose computer had been hacked by an identity thief and made a part of a botnet or network of zombie computers used to send out spam and scam emails. A second indication that this is a scam is that the salutation was “Dear Customer” rather than using my real name, however, it is important to note that in spear phishing, your name and contact information may have been stolen in a data breach such that your real name could appear on a phishing email. Remember my motto, “trust me, you can’t trust anyone.” The risk of clicking on a link infected with malware is too great to take. Never click on a link in an email or text message regardless of how legitimate it looks until you have independently verified that it is indeed legitimate. In this case, you would need to call Sun Trust to confirm that indeed this was a scam.