New Email Scam Gets Personal
COLUMBIA - Scam artists are getting personal — using your social media profiles to get you to click. The Better Business Bureau says it's seeing a new trend in email scams. It says it's a phishing scam and it makes it more difficult to tell if your emails are really from people you know.
The BBB says the perpetrators behind this recent wave of scams are using social media sites to acquire personal data like the names of your friend and family members, to help them send you more personalized fraudulent messages.
MU junior Isabel Casal got one of these messages in late January.
"I mean it looked super real," Casal said. "I was skimming through my emails on my phone and when a message from my friend popped up I clicked the link in the message without thinking about it," Casal said.
The message wasn't actually from her friend - and that's exactly how the scam is supposed to work. The Better Business Bureau warned of this specific scam in its January 25 news release. It explained how scammers scan through information on popular social media sites like Facebook, Twitter, and LinkedIn to find who you are connecting with. If you have this information private, some will even set up fake accounts and friend request you in an attempt to access your personal information.
The BBB said this new phishing technique is more successful than past scam messages because scammers tap into the notion that you may be less suspicious of emails sent from a friend or family member.
Casal said the scam was easy to fall for.
"I get so many emails throughout the day I don't have time to diligently look through each one," Casal said. "When it was from my good friend with a pretty uncommon name I didn't think twice about it."
Clicking the link didn't cause Casal serious damage to her phone but the BBB said falling for the scam on your computer can cause you to download dangerous malware and give scammers the opportunity to gather your personal data.
As scammers continue to get smarter and target individuals with more personal information, the BBB urges everyone to follow these tips:
- Reevaluate your privacy settings on all social media sites.
- Enable login notifications that allow you to know when someone uses a new device to access your account.
- Check the "header" field in an email. Your friend's name will show up in the "from" field, but the message won't be sent from their email address.
- Don't click on strange links, even from friends.
- Protect your information when using public Wi-Fi — text "otp" to 32665 to receive a temporary password to login to your Facebook account.
MU Information Technology Spokesman Terry Robb said there has been a recent rise in phishing scams in general. He warned people to take a second look at emails that might look official.
"A lot of the time it looks official but it may not be," Robb said. "The bad guys are just taking HTML, the web language, and putting in an email with logos and other details to make it look real. Don't always trust those things especially if they are asking you for personal information."
Robb said taking the extra step in verifying an email contact is worth the time.
"You can always make a phone call or mail a letter to see if it's legitimate," Robb said. "But never give your private information out over email unless you have initiated the email with someone you know to be true."
Another similar scam sent out to people with University of Missouri email addresses include personal messages from what looks to be a legitimate person, soliciting part-time job positions such as personal aids, shipping assistants, or dog walkers. The University says these scammers are check scammers who will send you a check from fake bank account. Due to the delays in the check processing of banks the cashed checks usually take 5 to 10 days to bounce giving you a false sense of security. The scammer will ask for you to wire partial funds back to them before the check has had full time to be returned unpaid.
Robb said the System has a large spam filter that tries to catch all of the bad messages before they reach students but some like these, make it through the cracks.
If you do click on suspicious link, the BBB advises to run a virus scan on your computer.