I try to keep my spam filter on the most restrictive setting, which has dramatically decreased the amount of spam I receive in my email box every day. But every once in a while, I receive an email that makes my gut twitch and my eyebrows raise. I got one today from a well-known bank, logo and all, looking very official and authentic. Those of you who know me know that I am “wicked paranoid,” so the frown was deep on my forehead when I read it.

Official looking or not, I do not do business with this bank (not to say that it isn’t a good bank), and of course, I do not conduct any banking business online or through email.

The missive said that the bank was alerting me to the fact that “we detect an issue on your account that needs to be resolved” and included a link to “Resolve here” from the Online Team. I was curious, so I looked at the url, and it was “security-online @[bank name].com”, which looked pretty legitimate. It could definitely dupe someone else, so I sent it to my IT team and asked them to blacklist it in the event that someone else received it.

But that’s not all. After I deleted the email and sent it to my IT team, I got a telephone call on my cell phone from a Rhode Island number of that bank. I don’t pick up any calls that are from unknown numbers, so I didn’t pick up. As I said before, I don’t do business with this bank. I had just received this bogus email, so my wicked paranoid tendencies kicked into high gear. The caller did not leave a message, so that is an obvious sign that it was not legit. Then one minute later, yes one minute later, the “bank” tried to call again, but this time it was from the same number except for the last digit, which was one digit higher. I didn’t answer this call either, and no message was left. I truly believe it was the hacker. When the email didn’t work, the scammer tried to call me to say how urgent the situation is, and to resolve it through the email.

Hackers are buying domain names that are very similar to real businesses in order to dupe people into believing it is the real business. They are spoofing numbers so the caller ID looks like it is from your area code or actually from the business. When emails don’t work, they call. And it’s always urgent.

Scammers are getting bolder and more insistent. They have the time. This is their day job. They target you and try to scare you. If this had been a bank with which I do business, I would have called the bank or my banker directly to inquire about my account. I would never reply to any email or telephone call from my “bank.” Delete that email and don’t answer that call.

View Original Source
Photo of Linn Foster Freedman Linn Foster Freedman

Linn Freedman practices in data privacy and security law, and complex litigation. She is a member of the Business Litigation Group and chair’s the firm’s Data Privacy and Security Team. She currently serves as general counsel to the Rhode Island Quality Institute. Linn focuses her practice on compliance with all state and federal privacy and security laws and regulations, as well as emergency data breach response and mitigation. She counsels clients on state and federal data privacy and security investigations and data breaches. Prior to joining the firm, Linn was a partner at Nixon Peabody, where she served as leader of the firm’s Privacy & Data Protection Group. She also served as assistant attorney general and deputy chief of the Civil Division of the Attorney General’s Office for the State of Rhode Island. She earned her J.D. from Loyola University School of Law and her B.A., with honors, in American Studies from Newcomb College of Tulane University. She is admitted to practice law in Massachusetts and Rhode Island. Read her full rc.com bio here.