Phishing emails, including fraudulent Invoices from Online retailers, are one of the newest vehicles for cybercriminals to steal both personal information and your money. Since the Pandemic of COVID-19 began in 2020, many people have started working from home and shopping from home. According to the US Census Bureau, sales through e-commerce for 2020 were estimated at just over $790 billion. This number suggests overall sales increased more than 32 percent in a single year. While this is excellent news for online retailers, it has also been helpful for cybercriminals. As average consumers become more comfortable with online shopping and receiving receipts and confirmations by emails, scammers use these same techniques to steal from you.
Almost everyone is familiar with the Nigerian prince email scam, having circulated for more than a decade. For many years senior citizens have been targeted with scams that convinced victims that a beloved child or grandchild had been jailed in Mexico. According to the scammers, money sent by means other than financial institutions was the only way to ensure no harm would come to the child or grandchild.
Phishing Emails With Fraudulent Invoices from Online Retailers
More recent phone and email scams include scammers portraying themselves as representatives of the Social Security Administration, the Internal Revenue Service, or representatives of banking institutions. While many of these scams generally originate from international call centers, more sophisticated cyber criminals now use your online search and purchase histories to appear more legitimate.
Since so many more consumers rely on emails to conduct and confirm business transactions, scammers are also using them. Business email compromise is quickly becoming one of the most devastating online financial crimes. This type of scam involves the criminal sending an email that looks almost identical to a legitimate invoice from the same company. The email is generally a confirmation of an online purchase from a well-known company that the victim did not purchase, and the receiver of the item is someone other than the victim. The instructions in the email include a customer service number to call if any of the information is incorrect, which, of course, it is.
When victims do not realize that this is not a legitimate email, they call the phone number listed. Unfortunately, they are actually contacting the cyber-criminal. At this point, the scammer will falsely represent that they are with technical support, and their sole purpose is to help the unknowing victim correct the billing error. To help, they will need to confirm your personal information such as name, address, phone number, and financial information such as credit card or bank account numbers to return the funds to your account. In truth, by answering their questions, you are giving the cybercriminals all the information they need to either steal your money or, in extreme cases, steal your identity.
This is why it is imperative to protect yourself as much as possible. Before you open an email, take the time to consider if it may a phishing email. Look closely at the email itself. Does it contain grammatical or spelling errors because these are often a tip-off that you are looking at a phishing email? If you are not sure the email is legitimate, exit the email without opening any attachments or clicking on hyperlinks. Independently check online for the company’s contact information. Call them at the number you located online, not at the number listed in the email, and see if the email was legitimate. If not, report it immediately.
Another essential safety measure when dealing with suspicious emails is to never open any attachments from unknown senders. If the requester of information is pressing you to act quickly, be especially wary. If the email has to do with verifying your personal information, again, research the company’s contact information online and use their published information to contact them. When speaking with a representative, do not offer any of your private information but rather tell them you prefer to confirm or deny the information they should already have. If you feel you have been a cyber or internet-enabled crime victim, contact your federal police department immediately.
Read more – How to Avoid Getting a Malware Virus
You can report a phishing scam on the USA.gov wevbsite.