Beware of Scams

There are new scams and risks all the time. At KaiPerm, we want to help educate you to avoid these scams.

Recent Scams:

Last-Minute Holiday Shipping Scams: The holiday season is a time for love, joy, togetherness—and last-minute online orders! We’ve all been there: anxiously awaiting a package and hoping we didn’t forget anyone on our shopping list. The holidays have a way of creeping up on us, so expect scammers to be creeping into your inbox as well. Fake shipping notifications are especially popular during the holiday season. These can come in the form of an email (phishing) or a text message (smishing). Typically, the message will offer an urgent update about your package, such as a shipping delay, and you will be directed to click a link for more information. If you click the included link, you’ll be taken to a malicious website that asks for login credentials or other sensitive information. Any information entered on this page will be a gift from you to the cybercriminals! Here are some tips to keep you safe from shipping notification scams:

  • This attack exploits the stress and excitement of the holiday season. Don’t let the bad guys play with your emotions. Think before you click!
  • Legitimate shipping notifications will include specific order information, such as your shipping address, an item description, or the name of the sender.
  • Stay up-to-date on your orders by visiting the retailer’s official website. If you receive an unexpected notification, be sure to visit their website using your browser—not by clicking the link in the email.

Exploiting the Coronavirus: Phony Form from HR: For many months, organizations across the globe have been working remotely due to the coronavirus pandemic. In a new phishing attack, the bad guys target your feelings of stress or excitement about returning to the office. The phishing email resembles something that your human resources department might send about returning to the office. Attached to the email is an HTML file that includes your name in the file name. If you download and open this attachment, you’ll be taken to a file that is hosted on the file-sharing site Microsoft SharePoint. According to the document, you must acknowledge the return-to-office policy by providing your username and password. If you enter your credentials here, the information will be sent directly to the bad guys and they’ll have the same access to your organization as you do. Don’t fall for this trick! Remember these tips:

  • This attack tries to exploit the uncertainty of going back to work in the office. Don’t let the bad guys toy with your emotions. Think before you click!
  • Never impulsively click on a link or download an attachment that you weren’t expecting, even if it appears to be from your own organization.
  • When in doubt, reach out to the sender by phone to confirm the legitimacy of the email before clicking a link or downloading an attachment.

Tricky Tags in Google Drive Phishing Attack: Phishing emails are often designed to trick you into clicking a malicious link. Most email clients, such as Microsoft Outlook and Gmail, have filters that add warning messages to emails with suspicious-looking links. Unfortunately, the bad guys are always finding new ways to bypass these security filters. The latest way that scammers sneak past your email security is by taking advantage of the collaboration tools available for the Google Drive platform. The platform allows you to tag any user in a file by using their Gmail address. Once tagged, the user will receive a notification directly from Google. This means that if a bad guy tags you in a Google document, you will receive a legitimate notification from Google that includes a link to the bad guy’s file. If you view the file, you’ll likely find that it directs you to click another link. This second link is actually a malicious attempt to steal your sensitive information. Don’t fall for this trick! Remember:

  • Always be suspicious of emails or notifications from someone you do not know.
  • Never click on a link within an email that you weren’t expecting—even if it came from a legitimate website.
  • If you receive a suspicious email or notification, contact your IT department or follow the specific procedure for your organization.

 
