Security Alert: How to Identify A Suspicious Scam Email
Please note: This blog is current to the date of its publication, Thursday, Feb. 18. For additional updates or assistance navigating these uncertain times, please contact us or visit our SST COVID-19 resource page.
As technology and digital communication improves, so do malicious attempts at stealing your information, identity and finances. Because of this, it’s important to stay up-to-date on ways to identify potential hackers and protect yourself and your organization from harm.
Recently, an SST partner received the following spam email from a hacker disguised as the Small Business Administration (SBA). While this message may have looked good on the surface, the sender is ultimately a bad actor who used multiple tactics to try and reach their goal of stealing our partner’s information. Below, we outline how our team spotted it as malicious.
For more information on digital security and the steps you can take to guard your information, contact the experts at SST today.
- The logo at the top of the email is slightly blurred, indicating that the image has been inserted as a JPEG into the email and is likely a snip taken from a document or website rather than an original vector logo.
- This link to the IRS website embedded in the email is a malicious link that actually redirects the reader to a fake, encrypted website designed to trick you into entering personal information and credentials. It also likely deploys a virus or script in the background of your computer once it’s clicked. A good rule of thumb is to always use your mouse to hover over links within an email to verify that the link is not pointed to an alternate web address.
- The phone number and extension at the bottom of the email does not match the phone number given for the SBA office in the image at the top of the email. It also does not match any known number on the SBA’s official website. Always do your due diligence and confirm phone numbers and email addresses, if possible.
With many people and businesses eagerly waiting for COVID-19 relief updates, it’s more important than ever to stay vigilant and assume that any email could be a ploy to get your sensitive data or access to your systems. Always check links, confirm in-person when possible and, if in doubt, do not click.
For more information on digital security and the steps you can take to guard your information, contact the experts at SST today.
Special thanks to SST Operations Supervisor Ashley Henson for providing the content for this post.
