Scam alert: The fake ‘payment’ email you need to stay away from
oniScammers are determined to cheat you out of your money, and they keep finding new ways to do it.
These days, email scams are the oldest trick in the book: we’ve seen plenty from the ANZ, NAB, Westpac, and CBA, but they’re also posing as your telcos, too, and even Paypal.
Often their trick is to tell you your account details are wrong, your account has been suspended, or that you’ll be fined.
They’re all after one thing: your personal and/or banking details.
But there’s one new email scam going around that wants to convince you that you’re receiving payment.
According to MailGuard, an email with the subject line ‘Payment Advice’ and a reference number that appears from ‘Envision Credit Union’.
Here’s what the email looks like:
Unsuspecting recipients who download and open the attached document are asked to click on a link which redirects to a fake blurred Excel document and a login form:
This is how the Microsoft Excel form will look:
It’ll ask for your Microsoft email details, and once these are provided, you’ll be redirected to a Google Drive that simulates an error that reads “File truncate error (401)”.
While those with sharp eyes will be able to tell straight away it’s a scam, there are a number of elements that have been thrown in that might fool other unsuspecting victims.
Firstly, reference number and beneficiary details are provided, key bits of information that are normally associated with an official notification of a receipt, said MailGuard.
“Including such details boosts the authenticity of the email as it makes the payment receipt seem more credible.
The second element is the inclusion of the ‘McAfee Secure’ logo. McAfee is a cyber-security and anti-virus software provider, so the visual presence of this logo will – ironically – assure some users of the document’s safety.
“We encourage all email users to be extra vigilant against this kind of email and whatever happens, do not open or click them,” said MailGuard.
Such fake emails make up the vast majority of online scams (more than 90 per cent), so it’s important to be on guard when you’re online.
All it takes is for one email for cyber criminals to infiltrate organisations with malware and attack them from the inside.
“All criminals need to break into your business is a cleverly worded message. If they can trick one person in your company into clicking on a malicious link they can gain access to your data.”
How to spot the fake
If you’re not sure whether you’re looking at an email scam or not, these are the tell-tale signs to watch out for:
The emails are not addressed to you by name, have poor English or omit personal details that a legitimate sender would include
The emails are from businesses you’re not expecting to hear from
The emails ask you to download any files
The emails take you to a landing page or website that does not have the legitimate URL of the company the email is purporting to be sent from.
Make your money work with Yahoo Finance’s daily newsletter. Sign up here and stay on top of the latest money, news and tech news.