![\"\"](\"http:\/\/pcmdx.net\/blog\/wp-content\/uploads\/2017\/06\/hacker-2077138_640.jpg\")
<\/a><\/p>\nAlthough how the actors (the term used for the “bad guys” since they are “acting” as a legitimate party) were able to get the\u00a0necessary information is still under investigation, it’s likely that it was given to them by one of the company officers via e-mail.<\/p>\n
<\/p>\n
We recently received a scam e-mail and we’d like to share it with you so that you can learn how to determine if it’s a legitimate e-mail or not. \u00a0Please note: \u00a0If you’re not sure if the e-mail is legitimate, call the sender and ask them if they sent it, even if it passes all of the tests. \u00a0It’s better to be safe and verify authenticity than take a chance.<\/strong><\/p>\n Here’s a screenshot of the e-mail we received, along with some notes (Click on the image for a full size view). \u00a0We blurred out information that is not relevant.<\/p>\n <\/p>\n Let’s begin at the top. \u00a0The subject line “Please Read! (Final Warning) | 06\/05\/2017”<\/em> sounds pretty threatening and will get your attention right away. \u00a0But it doesn’t indicate who it’s from or what it’s about.<\/p>\n If you look at Blue Arrow 1, you’ll see that it’s from “ACME account team”, followed by the e-mail address of “admin@MAIL.HAMILTONTN.GOV”. \u00a0(We’re going to use ACME as the alias for the name of the company). \u00a0So here you have two major clues that this is a scam. \u00a0First, the words ACME account team. \u00a0Any legitimate company will list themselves as ACME Account Team, with all words capitalized. \u00a0This is a major clue that this e-mail did not originate in the US (most scam e-mails are from overseas, where grammar is poor).<\/p>\n Our next clue is the e-mail address. \u00a0Although “admin” is legitimate, MAIL.HAMILTONTN.GOV is not. \u00a0That’s an e-mail server for the city of Hamilton, Tennessee. \u00a0It has a .gov domain ending, which can only be assigned to government entities, such as cities, counties, states and the federal government. \u00a0Why would ACME have this domain? \u00a0If it were a legitimate e-mail from ACME, it would end with something like ACME.com<\/strong> or ACME.net<\/strong>, not a .gov<\/strong> domain.<\/p>\n The body of the e-mail is actually very good, at least when it comes to scam e-mails. \u00a0It’s convincing, it has information in it that the typical person would consider to be legitimate. \u00a0However, as we get to the bottom, some red flags appear.<\/p>\n When you hover over a link (and the Blue Arrow 2 is pointing to two links, “Visit Help and Support” and “Login to My Account”), the bottom part of your browser, known as the status bar, will display the link that it’s pointing to, which we’re using the red arrow to point to. \u00a0In other words, when you click on the link, it’s taking you to the web site that is showing in the status bar.<\/p>\n This particular link is pointing to baltoo.com\/ACME\/index.php<\/em> . \u00a0 This should immediately sound an alarm with the person reading the e-mail. \u00a0The company that is sending this is ACME, but the domain it’s pointing to (the first part of the web address is always the domain) is baltoo.com<\/strong> . \u00a0Anything after the domain name is irrelevant, since that’s just the directory and folder inside the server it’s pointing to, and you can name that anything you want. \u00a0When you hover over the link, it should point to the company you’re trying to go to. \u00a0So it should read acme.com\/Acme\/index.php<\/em>.<\/p>\n Once you click on the link, one of two things will happen. \u00a0Either you will be shown a very convincing site that is asking for your user name and password, or you will end up on poisoned site that will infect your computer with malware, such as a virus, a Trojan, or ransomware<\/a>. \u00a0If it’s the former, you’ll enter the user name and password, and within minutes the actors will have gained access to your site (as they wanted to in this case), or perhaps gained information such as name, address, social security number, date of birth, etc. (under the guise of “verifying your identity”).<\/p>\n Recent studies have shown that firewalls, anti-virus programs, and other security software and hardware, although still crucial in preventing attacks, need to be supplemented by training of staff so they know what they should look for<\/a>. \u00a0(That page also has a quiz you can take to see how much you know about phishing attacks – we scored 10\/10. \u00a0How’s your score?).<\/p>\n<\/a><\/p>\n