Scammers will concoct any number of believable-looking lies in pursuit of your personally identifying information. They’ll pretend to be anyone and claim anything to get you scared, anxious and uncertain. They know that’s when you are most likely to make mistakes.
A newly circulating scam is a remix of that old con. The Better Business Bureau reports this week on a new malware distribution scheme.
In this scheme, the scammers email you pretending to be from your email service provider (Google, Yahoo, etc.). They’ll tell you you’ve exceeded your email quota or that you have “deferred email.” The email will instruct you to follow a link to retrieve your unchecked email. Other variations of the scheme will tell you that you need to “update your personal information” to continue using your email service, which will require you to click a link to log in.
The link is to a malware download site, and once you click the link, you’ll be infected. The breed of malware will vary from attempt to attempt. Some may only bog down your computer with popup ads and other irritations. Others will root through your browsing history and personal files, looking for account numbers, personal information, and passwords. You may never know you’ve been infected until you get an unexpected credit card collection call.
Some scammers have gotten more sophisticated with the initial pitch, and will include “unsubscribe” or “change notification settings” in the footer of the email. People looking to reduce the amount of unsolicited email they receive might click this link. They would be disappointed to learn that this link will also direct them to malware download sites.
If you’re looking to keep yourself safe from this new threat, here are three steps you can take.
1.) Know your Terms of Service
While there are upper limits on the amount of email your service provider will store for you, unless you’re sending DVDs’ worth of information regularly, you will never approach that limit. Gmail, for instance, will store around 65 gigabytes of email data for you. This is bigger than the biggest memory card available for your camera. If you received 23 professional-quality photos every day, it would take you a year to exceed your storage limit, assuming you never deleted any of them.
Email service providers also set some limits on the number of emails you can send, but if you’re clicking the send button each time, you’ll never exceed that frequency. These limits are designed to prevent malicious or fraudulent activities, which is why they target automatic message sending. If you’re running a business out of your home, you might worry about tripping this limit. For your personal email, though, this will never be a concern.
If you’re expecting an email regarding a job interview, family news, or other significant life event, be proactive. Contact the person you’re expecting to hear from and ask for an update. Sitting and waiting creates anxiety, which makes an environment ripe for scams.
2.) Don’t follow mystery links
If you receive an email from someone you don’t know, and it contains a hyperlink, don’t click it. Simply visiting a malicious website can infect your computer, causing untold damage. Even if the message comes from someone you know, if there’s no context for the link, don’t click it.
You can take steps to figure out if the message you’ve received is legitimate. Look at the “from” line. The message may appear to be from “Google Admin,” but the email address might be email@example.com (for example). If the second part of the email address (the domain) doesn’t match what you think it should be, it’s probably bogus. If there’s even a shred of doubt in your mind, don’t click.
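The “from” line check described above can be automated. The following Python sketch is an added example, not part of the original article: it compares the brand a sender claims with the domain actually in the address. The `BRAND_DOMAINS` table, the function names and the sample headers are assumptions constructed for illustration.

```python
from email.utils import parseaddr

# Assumed, illustrative table: brand word -> domains that brand really uses.
BRAND_DOMAINS = {
    "google": {"google.com", "gmail.com"},
    "gmail": {"google.com", "gmail.com"},
    "yahoo": {"yahoo.com"},
    "hotmail": {"hotmail.com", "outlook.com", "microsoft.com"},
}

def sender_domain(from_header):
    """Return the lower-cased domain of the From address, or '' if unusable."""
    _, addr = parseaddr(from_header)
    if addr.count("@") != 1:
        return ""
    return addr.rsplit("@", 1)[1].lower().rstrip(".")

def domain_matches(domain, allowed):
    """True if domain is an allowed domain or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def check_from(from_header):
    """Return 'ok', 'mismatch', 'no-brand-claim' or 'unparseable'."""
    display, _ = parseaddr(from_header)
    domain = sender_domain(from_header)
    if not domain:
        return "unparseable"
    # A brand can be claimed in the display name or embedded in the domain
    # itself (e.g. yahoo.com.mail-quota.example), so search both.
    text = display.lower() + " " + domain
    claimed = [b for b in BRAND_DOMAINS if b in text]
    if not claimed:
        return "no-brand-claim"
    if all(domain_matches(domain, BRAND_DOMAINS[b]) for b in claimed):
        return "ok"
    return "mismatch"

if __name__ == "__main__":
    # Constructed sample headers, not taken from real messages.
    samples = [
        '"Google Admin" <email@example.com>',
        "Google Admin <notice@accounts.google.com>",
        "Yahoo Mail <support@yahoo.com.mail-quota.example>",
        "Jane Doe <jane@example.org>",
    ]
    for header in samples:
        print(f"{check_from(header):15} {header}")
```

An “ok” result only means the name and the domain agree; the From header itself can be forged, so a match is not proof that the message is legitimate.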
Part of practicing good Internet hygiene is keeping your computer away from dangerous websites. Even if you think there’s nothing on your computer worth stealing, your computer could be used by scammers to cause serious damage to your friends and family. Stay safe, and keep your friends safe, too.
3.) Report suspicious activity
Email service providers take these scams as seriously as you do. Someone is trafficking in their good name to exploit their customers. They are eager to put a stop to it to keep their brand image safe and their customers happy.
If you have any doubt about the legitimacy of a message, forward it to your provider’s abuse address. Gmail has an option to “Report phishing” in the drop-down menu next to the reply button. Yahoo and Hotmail offer similar functionality. For larger corporations, try forwarding the message to “abuse” or “admin” @ the company’s website – firstname.lastname@example.org, for example.
These companies would rather sort through a thousand false positives than let people continue to defraud their customers. They value you because they’re providing you a service. Don’t hesitate to let them know something’s amiss.