In the past couple days, the agency has received several fraudulent emails pertaining to direct deposit/banking information requests. Please be careful when communicating any personal or sensitive business information via email.
Emails may appear to be sent from valid accounts that you may know. But upon further inspection are actually from nefarious email accounts. Please remember to use caution when asked for sensitive information pertaining to your personal accounts or CRAEA accounts.
Below are some useful guidelines to help you determine the validity of any emails in question.
- Don’t give out personal information – legitimate organizations (e.g. banks, healthcare organizations, etc.) will never ask for personal credentials (username and password).
- Look but don’t click– hover your mouse over any embedded links. Look at the domain, if it ends with a country code, beware (.br = brazil, .cz = Czech Republic, ru = Russia, etc) If the link looks weird don’t click on it. Many phishing attacks are orchestrated outside the United States. If you think it is a valid shared Google document, log into your Google account first via your default Web browser, then click on the link. If it is valid it will no longer ask you for your credentials. Be aware, you must log into Google with your default Web browser first.
- Don’t click on attachments – including malicious attachment that contain viruses or malware is a common phishing practice.
- Don’t trust the display name – many phishing attempts spoof the display name (e.g. the “From” address”. Hover your mouse over the From address to see the actual sender email.
- Check for spelling and grammatical mistakes – organizations are serious about email. Legitimate messages usually do not have major spelling errors.
- Analyze the salutation – Is the email addressed to “Valued Customer” or such generic terms? If so, watch out; legitimate businesses will often use a personal salutation.
- Beware of urgent or threatening language in the subject line – invoking a sense of fear or urgency is a common phishing tactic.
- Review the signature – lack of details about the sender or how you can contact the organization strongly suggests a phishing attempt.
- Don’t believe everything you see – phishers are extremely good at what they do. Just because an email has convincing brand logos, language, and a seemingly valid email address does not mean that it is legitimate. Be skeptical when it comes to suspicious emails. If it looks even remotely suspicious don’t open it and send it to your Info Tech support staff to verify its validity.