In light of a recent suspicious email that circulated among IWOC members, I thought it might be appropriate to reprint a previous post of mine along with a few new thoughts. Never hurts to revisit tips we should all keep top of mind in order to make ourselves less vulnerable to hackers and scammers. I hope these help: 

In terms of privacy, the only thing that’s safe to say is that that nobody’s safe. If you so much as glance at a YouTube video, peek at a website, have a website, subscribe to anything online or even simply “like” something – boom! You’ve just given away a part of yourself. Your habits, your information – it’s all out there, and most aggravatingly, you’re now prone to be a victim of scams. Such as the one that was raised at our September, 2020 Roundtable meeting – which triggered other scam stories.

One member – let’s call him Brian -- confessed that he was contacted for what seemed like a fabulous writing assignment from Biogen -- a well-known biotechnology company. Problem was, the “assignment” wasn’t really from Biogen. After going through hoops filling out forms and providing some pretty private information, the red flags starting waving. It had to do with requesting that Brian deposit money in a bank account. Fortunately, Brian then ceased all communication and suffered no real harm – other than wasted time and remorse for having been so trusting. 

How did this all happen? Could have been that the member’s email was “scraped” – a process where spammers obtain email lists from other spammers. If your email is on the net, you’re vulnerable. Now think of all the places where you’ve entered your email, hm? Let’s just say, lots. So I’d like to offer a few security tips, some from personal experience, some from what I’ve heard. While they aren’t guaranteed to keep you scam-proof, hopefully they could help prevent such occurrences. 

1. Regarding the latest “job offer” scam that our members received on 1/11/22. Just like that one, watch out for those that offer general flattery and purport to offer jobs, but never tell you a dang thing about the supposed job being offered – and then ask you to click on a link and apply. A strong chance it’s phony. The 1/11/22 notice also told you to click on what looked like a very weird website that didn’t even relate to the sender’s (weird) email or the name of a company (which, by the way, wasn’t mentioned). All those are big red flags. Do. Not. Click. Ever.

2. When providing your email address, replace the @ with “at”.  So it looks like:  “Alice at gmail.com”  I’ve even seen: “Alice at gmail dot com”  Looks illiterate, but supposedly these obfuscations have some degree of success in foiling the scrapers. One drawback is that it may be annoying to business prospects. So this method is up to you. Click here to get more opinions on it.

3. As mentioned in #1, sender’s email address is weird. Whether it’s seemingly from a prospective client, your bank, credit card company or any company you may have dealt with, if the sender is telling you to click on a link, DON’T! DON’T CLICK ON ANY LINKS. Look at the sender’s email address. It’s not Kosher if the address is totally different from the company it claims it’s from. For instance...

I received an email supposedly from my email provider, with their logo in the message area. Looked good! But uh-oh. They told me that my account “is about to be disconnected, so CLICK HERE TO REACTIVATE!!!” Their email address had nothing to do with my provider’s name. So I immediately marked it as spam and trashed it. (It also made no sense that my account was to be disconnected. I keep meticulous records and my auto-payments were in good standing.)

4. But even if the email does have the “correct” name, it often can include some nonsensical figures, such as in the Biogen email one member received, which was followed with a grouping of odd letters after the word “Biogen.” A dead giveaway. That being the case, trash it immediately or relegate it to “Junk.” You can also block suspicious emails. 

5. Check spelling. What if the email does look totally legit? Closely examine the message area. It might look like a genuine logo or banner. But there’s most ALWAYS a tell. Misspellings. Grammatical errors. Odd wording. Case in point: Normally I get alerts from USPS when a package is being delivered. The other day I got a so-called alert from tracking@usps.net. That email address sure looks like it was from USPS, no? But the legitimate alerts are always from “auto-reply@usps.com” (Note: not “.net”) Also, within the message, “USPS” was spelled “Usps” – upper and lowercase letters. Again, dead giveaway. Plus, the info in the message was unlike the usual messaging. Into “Junk” it went. 

6. Enter url separately in your browser. Say the email looks legit, company logo, graphics, etc. You’re directed to click on a link to “update your information” or credit card, etc. If there is a website listed in the email, and you’ve an account with that company (bank, email server, etc.), quit that email, go to your browser and enter the company's actual url separately. If you have anything to correct or update with your account, you’ll know it by going to your profile. Either you’ll have a message waiting, or you’ll see for yourself if any info needs updating. Still have questions? Call the company. If it’s legit – or not, they’ll tell you so. 

7. Google the company name or key word followed by the word “scam.” If Brian searched “Biogen scam,” he would have seen a list of reports of the scam that borrowed the name of this reputable company.  "Apraxia scam" also is infamous, and is one that keeps popping up in our emails.

8. How is the email signed in the signature area? If there's no name, that's a huge hint that something is off.

9. Call.  If there's a phone number, call them! This could tell you a lot about the legitimacy. Especially if you can get in a convo with them. Trust your instincts.

And finally...

10. Never open an email from the IRS. They never use email. They only send directly through USPS.

These are just a few of the warning signs that when not heeded, can open you up to computer viruses and worse.  Be vigilant. The best rule of thumb is: Don’t click on anything or respond to anything that looks the slightest bit suspicious. Trust your instincts. It’s safe to say, they’re usually spot on.

-- Laura Stigler

 P.S. Have more hints? Just click the 3 dots by the headline to comment.