You didn’t buy a $750 television from Amazon. Then why are you getting an e-mail from the online retailer notifying you of the impending delivery of a big screen, but only if you pay a few hundred dollars first?
You aren’t going to receive a television and you’re not getting a legitimate e-mail. Instead, a scammer is trying to pry your money and personal information from you.
This type of well-designed phishing scam has become more common in recent years, with ne’er-do-wells spoofing retailers, online payment providers and other companies in fraudulent e-mail — as well as phone calls, texts and social media posts.
Phishing scammers lure their targets into a false sense of security by spoofing the familiar, trusted logos of established, legitimate companies.
The Federal Trade Commission notes that often these phishing e-mail tell a story to trick you into clicking on a link or opening an attachment. They may:
g say they’ve noticed some suspicious activity or login attempts;
g claim there’s a problem with your account or your payment information;
g say you must confirm some personal information;
g include a fake invoice;
g want you to click on a link to make a payment;
g say you’re eligible to register for a government refund;
g offer a coupon for free stuff.
That was certainly the case in two recent examples reported to the Iowa Attorney General’s Office. In these cases the consumers reported receiving professional-looking e-mail claiming they had made large purchases.
The first e-mail informed the consumer that the recent purchase of a $1,250 computer from Amazon was placed successfully. The e-mail contained information on the purchase, such as the consumer’s name and e-mail address. However, the shipping address was for someone else.
The e-mail encouraged the recipient to call a number with queries about the purchase. When the consumer made the call, the help center operator instructed the consumer to purchase a gift card and provide the card’s number over the phone.
The second e-mail claimed to be from PayPal informing the recipient that a recent $780 smartphone purchase had been authorized from their account.
Although the e-mail does not appear to have the PayPal logo, it included the consumer’s information and the notification of an expensive purchase.
The consumer told the Iowa Attorney General’s Office they did not have a PayPal account, but placed a call to the number listed. The operator informed the caller they would need to send money before a refund could be established.
In both instances, the consumers noticed something “phishy” going on and identified several hallmark of scams in the e-mail and interactions over the phone.
If you receive what appears to be a phishing e-mail, remember:
Be cautious about opening attachments or clicking on links in e-mail.
Even your friends’ or family members’ accounts could be hacked. Files and links can contain malware that can weaken your computer’s security.
The Federal Trade Commission suggests that if you receive an e-mail or a text message that asks you to click on a link or open an attachment, answer this question: Do I have an account with the company or know the person that contacted me?
If the answer is “No,” it could be a phishing scam.
If the answer is “Yes,” contact the company using a phone number or website you know is real. Note the information in the e-mail. You should always avoid calling the numbers listed on the questionable e-mail. The FTC cautions that if you do call the number, you’ll likely be connected to a scammer. If you want to call the company that supposedly sent the message, look up their phone number online.
To avoid receiving phishing e-mail in the future, the Iowa Attorney General’s Office suggests consumers use filters to reduce spam correspondence.
If you do get a fake e-mail like this, report it to the FTC at ReportFraud.ftc.gov.
Tom Miller is the Iowa attorney general. He may be reached at email@example.com. Or visit www.iowaattorneygeneral.gov.