Sometimes, you get a well-designed scam email that you’re unsure if it’s a phony. Below, you will see a screenshot of a fraud email that nearly had us fooled.
Read on for details on a devious email making the rounds and ways to outwith these scams.
Here’s the backstory
This scam email hit our inbox earlier this week. It came with an invoice attachment claiming to be a receipt for a service charge related to the company being spoofed. In this case, Scribd, which is an audiobook platform.
On the surface, it’s difficult to see anything wrong. After the first glance, we noticed a few things that were decidedly off.
A couple of things jumped out to us:
- A sender with an @gmail domain in their email address instead of a branded company domain.
- Inconsistencies with the brand’s official website and other real messages. We noticed the prices and design don’t match, which is very suspicious.
- No hyperlink leading to the blog post is mentioned in the body.
- Mentions of paid fees we didn’t authorize.
We’re Scribd users, but we didn’t order this Spanish course. Always be wary of a sales rep who doesn’t appear to know much about your account, even if they have a realistic-looking invoice.
How to avoid phishing attacks
The email we’re talking about here was very convincing. But in the end, it’s just another phishing attack. Fortunately, there are ways to protect against phishing attempts like this. Here are some suggestions:
- Avoid the spam folder — Never open an email in your spam folder. Not only do you run the risk of malware being installed on your device, but it can tell the scammer that your email address is active. This will only lead to more spam.
- Safeguard your information — Never give out personal data if you don’t know the sender of a text or email or can’t verify their identity. Criminals only need your name, email address and telephone number to rip you off.
- Always use 2FA — Use two-factor authentication (2FA) for better security whenever available. Tap or click here for details on 2FA.
- Avoid links and attachments — Don’t click on links or attachments you receive in unsolicited emails. They could be malicious, infect your device with malware and/or steal sensitive information.
- Use strong, unique passwords — Tap or click here for an easy way to follow this step with password managers.
- Antivirus is vital — Always have a trusted antivirus program updated and running on all your devices. We recommend our sponsor, TotalAV. Right now, get an annual plan with TotalAV for only $19 at ProtectWithKim.com. That’s over 85% off the regular price!
Username mistakes you’re making that put you at risk online