In the years that I have been writing Scamicide, I have written many times about the extreme danger presented by phishing emails.  These are emails that attempt to lure you into  either clicking on links in the email that download harmful malware such as ransomware or providing personal information used to make you a victim of identity theft.  All phishing emails have in common that they appear to alert you to some type of emergency to which you must quickly respond.  Below is a copy of a phishing email that was sent to a business owner who is a Scamicide reader who unfortunately became a victim of the scam as did many other people.  As a result of clicking on a link in the email, malware was downloaded that enabled the scammer to gain access to the victim’s customer emails.  It can be expected that the scammers will use those emails and the knowledge of their relationship with the Scamicide reader’s business to craft more personally targeted phishing emails called spear phishing emails.  These spear phishing emails are even more likely to convince the targeted victims to click on links or provide information to their detriment.  This tactic was used against JP Morgan Chase a few years ago when they suffered a data breach after an employee clicked on a link in a phishing email and the scammers gained access to the names and email addresses of JP Morgan Chase’s customers to whom the criminals later sent spear phishing emails that lured their victims into an investment scam.  Here is a copy of the email sent to the Scamicide reader.

 

From: AT&T YAHOO <******@frontier.com>
Sent: Wednesday, June 3, 2020, 08:23:38 AM PDT
Subject: Yahoo Final Warning!
We have a new unified Terms of Service and Privacy Policy
Dear Valued User,
Today our records indicate that your mail is out of date due to some recent changes made to our software, Which has caused some incoming mails to be placed on pending status. Kindly UPDATE your mail now in order to be able to receive new mails.
Thanks,
AT&T
TIPS
While there are sometimes telltale signs that a phishing email is not legitimate, such as the email address of the sender not being one used by the real company, the lack of the real name of the recipient of the email when these are sent out as mass mailings, the lack of an account number or spelling and grammatical errors, there are many phishing emails that will appear quite legitimate in every fashion.  Remember my motto, “trust me, you can’t trust anyone.”  You can never be sure when you receive an email, text message or phone call as to who is really contacting you so you should never click on links, download attachments or provide personal information unless you have absolutely confirmed that the communication is legitimate even if the email or text message appears to come from a trusted source..  It is also important to remember that even if you are using the most up to date security software on your cell phone, computer or other electronic device, you are not protected from the latest forms of malware.  It generally takes the security software companies at least a month before they come up with security updates for the latest zero day defects.

For those of you receiving the Scam of the day through an email, I just want to remind you that if you want to see the ever increasing list of Coronavirus scams go to the first page of the http://www.scamicide.com website and click on the tab at the top of the page that indicates “Coronavirus Scams.”  Scamicide.com was recently cited by the New York Times as a good source for information about Coronavirus related scams.

If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and click on the tab that states “Sign up for this blog.”