Site icon Virgin Islands Free Press

How To Protect You And Your Family From Nefarious Email Phishing Scams

The phishing email is one of the most devastating weapons that cyber criminals use to get their hands on your charity’s data, infect computers with malware, and steal money.

That’s why you should treat all unexpected emails with the utmost suspicion and never click on links or open attachments in any email you receive unless you are sure that it is legitimate.

It’s also helpful to know what phishing emails look like so that you can identify and delete them as soon as you spot them in your inbox. Below we explore some typical examples.

Example of Outlook phishing scammer operating in the U.S. Virgin Islands

Email account compromiser

The phishing email below will appear to come from someone you know, after their email account has been compromised by a hacker – Fiona Wilson, in the below example.

The email invites you to view a file with a generic subject like “Davey Fundraising Proposal.PDF”. Although you will not be expecting the email, the fact that it apparently comes from someone you have previously had communication with may convince you to click on the link to view the attachment.

Fiona Wilson has invited you to a folder titled “Davey Fundraising Proposal”

Fiona Wilson <fiona@Daveycapital.com>

Tue, 23 Mar, 12:13

Good Afternoon,

Fiona Wilson has invited you to “Davey Fundraising Proposal”

Review Folder: Davey Fundraising Proposal.PDF

Extension Type: PDF •Size: 8.49MB •Date Modified: 23/03/21

Fiona Wilson said: “I’d welcome any question or suggestion you might have. Thanks.

Kind regards,

Fiona

If you click on the link to view the file, you are taken to a web page which then says “To view the secure document, choose your email provider to confirm your identity” with a choice of email systems including Office 365, Gmail, and Outlook, along with genuine-looking logos.

If you click on one of the logos and enter your email user name and password, the hacker will then have access to your email account.

Malware infector

The following email could appear to come from a bank, a utility company, or any other business that you might have an account with, such as Apple, Netflix, Dropbox, or Facebook.

If you do have an account with that organisation, you may be tempted to think the email is genuine. However, poor English is a good clue that the email is likely to be a phishing email and the attachment is likely to contain malware.

Dear (email address)

Recently there’s been activity in your account that seems unusual compared to your normal account activities

This is detail you activity:

Location: 36 Paraduta Street, Carabobo, Spain

IP address (xx.xx.xx.xx)

Time: Thursday, April 15 2021, 02;37:05 AM

Platform: Windows NT 6.1

*YOUR ACCOUNT HAS BEEN DISABLE TEMPORARY

If you do not do this activity, maybe someone who has access to your account. To view the details of your case please download & read (Billing_Agreement_15042021.pdf) in attachment

Personal information stealer and malware infector

Cyber criminals also use a subject that you are likely to be interested in. The example below exploits the fact that many people are waiting to be contacted about a Coronavirus vaccination appointment.

This is a public health message from NHS

As part of the government’s coordinated response to Coronavirus, NHS is performing selections for coronavirus vaccination on the basis of family genetics and medical history.

You have been selected to receive a coronavirus vaccination

Use this service to confirm or reject your coronavirus (COVID-19) vaccination:

>> NHS – Accept Invitation

>> NHS – Decline Invitation

NOTE: The coronavirus (COVID-19) vaccine is safe and effective. It gives you the best protection against coronavirus.

Who can use this service

You can only use this service if you have received an email/SMS regarding this invitation. You can not use this service for anyone other than yourself.

You are also free to reject this invitation, your appointment will be issued to the next person in line in that case.

NHS National Health Service GOV.UK

By clicking on the links to either accept or decline the invitation, you will be asked for personal information that the cyber criminal may use for identity theft purposes, and you could also be directed to a “drive by” website which will attempt to compromise your computer using known vulnerabilities in software it may be running.

Another personal information stealer

Cyber criminals know that the tax year ends on 5 April and that many people would welcome a tax repayment. The following phishing email uses this fact to try to hook you into following its instructions without questioning it:

HMRC Payment confirmation

Dear XXX

Your repayment has been issued by HMRC

Tax P800

Tax reference PC37359839AP302222021

Payment reference 9acda9a2-e0cd-4793-65ca-1750d3cd2169

Amount to be paid GBP 520.99

Go to HMRC Online Payments Website

Why you got this xxx@hotmail.co.uk

You chose to receive payment confirmation by xxx@hotmail.co.uk

From HMRC Online Payments

The promise of a “GBP 520.99” repayment may be enough to tempt you into clicking on the “HMRC Online Payments Website”, but this fake website will ask for personal information such as National Insurance number and date of birth, and may also ask for passwords and other confidential information.

Bank log-on stealer

This is an example of a classic phishing email which invites you to view your account by clicking on a link in the email. In fact, the link will take you to a fake website designed to look like the genuine site, and when you enter you login name and password the hacker will capture them for later reuse at the real site.

This type of phishing email is becoming less common because most banks now also require some sort of two factor authentication method such as a code that is sent by text to your mobile phone.

Account temporarily suspended!

Dear client

As part of our security measures, we regularly screen activity in your bank account. We revently contacted you after noticing on your online account, which is being accessed unusually.

To view your Account

  1. Visit (bank.com)
  2. Sign on to Online Banking with your user ID and password
  3. Select your account

Sincerely

Customer Care

What you can do to protect yourself against phishing?

There are plenty of straightforward steps you can take. Here are the most important:

USVI Attorney General Denise George continues to alert residents of scams circulating in our community utilizing fraudulent checks and money orders. The Virgin Island Police Department’s Economic Crime Unit in St. Thomas and St. Croix have reported an increase in counterfeit checks and money order cases in the last several months.
Fraudulent Check/ Money order scams This scam in general sends the victim counterfeit checks or money orders.

The victim is instructed to deposit the item into their bank account, then purchase gift cards and call a number to give the activation information. The victim is promised some of the money that was deposited. The victim then deposits the counterfeit item, uses their own money, buys the gift cards, and calls the number with the information. The gift cards are redeemed then the phone number is disconnected. The victim’s bank then calls and informs the victim that the counterfeit item bounced, therefore resulting in a loss of funds. There are various variations of this scam, but this is the outcome. It could take a week or several months to discover that the check or money order is counterfeit.


Dept. of Justice Assistant Attorney General, Sigrid M. Tejo stated “Last year there were only a few reported cases. So far this year there have been over a dozen. These are difficult cases to investigate as the counterfeit items usually come from a mailbox that is not traceable. We have worked with the US Postal Service to help track the mail envelopes. The second obstacle is the phone number that is used to obtain the information from the victim uses several servers and satellites making it even impossible for the FBI to track”.

Who are the scammers?

Fraudulent checks and money orders are used in scams such as mystery shopping. The shopper who is hired receives an assignment, then a check is forwarded to the shopper with instructions to deposit it in a personal account and wire it to someone else. Once the money is wired, the sender can disappear.

Also, people apply online and get hired as personal assistants. They receive a check and are asked to use the money to buy gift cards. Once the scammers receive the PINs on the card, they used them instantly. The hired ‘personal assistant’ is left without the money when the bank figures out the check is bad.

Other kinds of fraudulent check scams
• Claiming prizes in sweepstakes or other online games: “Winners” are issued checks and told to
send money to cover taxes, shipping and handling charges, or processing fees.
• Overpayments: someone purchases something from you online “accidentally” sends a check for
too much and asks you to refund the balance.
When buying online, be sure to research the seller by searching online for the person or company’s name,
phone number, and email address, plus words like “review,” “complaint,” or “scam.” If everything checks
out, pay by credit card as opposed to debit, and keep a record of your transaction.
Also be aware of receiving calls, emails, or mail from individuals claiming there is a warrant for your arrest.
Steps to avoid fraudulent check scams
• Do not accept a check for a product or service for more than the selling price
• Ignore offers that ask you to pay for a prize. If it is free, you should never have to pay to receive
your win
• Never use money from a check to send gift cards or money orders
• Never wire money to strangers or someone you just met
If you wired money to a scammer
• Call the money transfer company right away to report it and file a complaint.
• If you paid with a money order, contact the company that issued it right away. You should also try to stop the delivery of the money order.

You can report these scams to:
VIPD Economic Crimes Unit (340) 774-3942, St. Thomas or (340) 778-1001, St. Croix
V.I. Division of Licensing and Consumer Affairs (DLCA) at 340-713-3522 on St. Croix or 340-714-3522 on
St. Thomas, or by email at consumerawareness@dlca.vi.gov. For consumer-related issues call the DLCA
(340) 727-SCAM (7226), St. Croix or (340) 771-SCAM (7226), St. Thomas.

You may also contact ConsumerResources.org, the consumer-facing website of the National Association
of Attorneys General

Exit mobile version