January 6, 2020 – The new year starts with phishing scam alerts. The Better Business Bureau (BBB) warns against a rewards phishing scam and members of the London veterans group First Hussars Association were targeted by a spear phishing scam. The BBB advises being suspicious about unsolicited email or text messages, especially if requesting money. Furthermore, they recommend not to click on links or download attachments from unknown email senders.
Rewards Phishing Scam
The Better Business Bureau (BBB) issued a warning about phishing messages which promise a reward for current holiday shopping using the layout of major retailers. The fraudsters are ‘sending phony emails and texts that look like messages from major retailers instructing you to redeem the reward points accrued during your holiday shopping.’
The unsolicited email or text message looks real with the logo and company colors of the spoofed retailer such as Amazon, Kohls or Costco. However, any company can be spoofed according to the BBB. The phishing message reads a subject line such as ‘new reward to claim’ and entails a link.
Anyone who received a similar unsolicited email is urged not to click the link and report the incident at BBB Scam Tracker. The scammers hide malware in the link or attachments and subsequently, can gain access to computers in order to steal sensitive personal information.
Spear phishing scam targeting London veterans group
Members of the London based veterans group First Hussars Association received two phony emails within a week. The scammers were posing as the group’s president Lt.-Col. Joe Murray and asked the members to send money according to the London Free Press.
The spear phishing scam targeted 140 retired members of the London based regiment. The scammers used an email address that looks similar to Murray’s address trying to fool the veterans into sending money. Luckily, no member fall for it.
After Murray found out about the phony messages, the veterans association alerted its members about the scam. To date, it is unknown how the scammers accessed the group’s email list.
How to protect yourself
Both scams can be classified as Phishing scams. The Canadian Anti-Fraud Centre explains that those scammers impersonate legitimate companies or another known sender such as a client or a boss by email or text message. Emails often request login credentials, personal or financial information to rectify “urgent problems.”
To protect yourself, the Better Business Bureau recommends not to click on links or download attachments from unknown or unsolicited emails. Check for the embedded hyperlink in the suspicious email by hovering your mouse over the link to verify the address.
Recipients of unsolicited emails are advised to have a closer look at the sender’s email address. Sometimes the fraudster will add an extra dash, dot or letter to the email address of the person or company they are trying to impersonate. Furthermore, email recipients are recommended to be vigilant for emails requesting money and independently verify the source.