Common Scams to Beware of
- Your IT staff will never ask for your passwords in an email.
- Your HR department will not ask for Personally Identifiable Information like your social security number or birth date in an email.
- You will never receive a legitimate fax or document or image from a generic email (e.g. fax@yourdomain).
- Your Bank/Credit Card/Social Media/etc. will never contact you asking for account information to verify that you own an account.
- Never transmit personal information via email
If you receive an email asking for information, be sure the email was intended for you and that the sender is verified. Do not respond to the email to verify this – call or contact the person directly.
There have been many instances of employees receiving emails posing as their own organization. If you see an email from your company or from another organization that seems out of place, be sure you verify directly with the listed sender that the call to action is legitimate.
These emails tend to look like they come from a trusted source and say, “I need to verify some information in this form with you.” So be careful any time you receive an email requesting personal information and do not click any links. Similar phishing tactics are tied to an urgent call to action requesting personal information and involve warnings around some dire reason you should respond. (e.g. We need to verify your [bank] account number to make sure you are the valid owner or we will close your account.)
NOTE: Most of these scams also appear in the form of sophisticated phone calls (This is your helpdesk following up on that issues you had… I’d be happy to help you, what’s your user name? What’s your password?…) In this attack commonly known as pretexting, the attacker has done prior research and seems to know you and what you are looking for. Don’t fall for the trap.”