Don’t be a Victim of Account Phishing

A Denver consumer sent this to us as an example of a potential phishing scam. Smartly, he didn’t just ‘click’ on sign in. First he took a hard look at the email, read it and noticed a number of issues that just didn’t make sense. See if you can spot them all. Check your answers by clicking on the PDF below.

The email, which claims to be from Xfinity, states that your incoming ‘messages’ are on hold. Supposedly, “messages” (not emails) have been put on hold due to a recent server upgrade. The email instructs you to click a “sign in” button to log in to your email account and deal with the problem.

However, the message is not legitimate and has no connection to Xfinity. Instead, it is a phishing scam designed to steal your email account login details. Clicking the “sign in” button opens a fraudulent website that asks for your email address and email password. After you enter these details on the fake site, you may see a message notifying you that you have successfully removed the hold on your emails. Your login credentials will be sent to criminals, who will use them to hijack your email account. Once the criminals have gained access to your account, they can use it to send spam, scam, and malware emails in your name. They can also harvest personal information from your emails.

Your email provider may occasionally send messages about account problems. However, it is very unlikely to send an email demanding that you click a link to log in and fix a supposed account issue. And legitimate admin emails are unlikely to have spelling and grammatical errors like those present in many scam emails.

TIPS:

  1. Always log in to your email account via a trusted app or by entering the address into your browser’s address bar. Normally, you will be notified about any account issues after you log in.
  2. If you receive one of these emails, just hit the delete key. Do not click any links or open any attachments that it contains.

Click here to see what the FTC says about these phishing emails from your service providers.