YOU GET AN Email from a legitimate looking person who reports an invoice paid for a subscription to McAfee.
You do not own or use McAfee software, or you have it and your subscription is already current.
WHAT IS HAPPENING! You ask yourself, I don’t remember paying that? Or, I used to have McAfee, I thought I cancelled that long time ago???
Here is how the scam works. The email alleges they made a payment for you. However, the sender of the mail does not work for McAfee at all. Certain details of the email tip off that the email is a phishing attempt.
“Phishing” is the deceptive art of attempting to get financial information out of you so they can then actually charge your card for a service you never requested.
Tips to Detect the Phishing Attempt
- Look at FROM: line. Most legitimate businesses have a unique domain that corresponds to their business name. For example, email from B. A. Computer Services comes from @bacomputer.net. When the FROM line comes from a generic or free account such as @hotmail.com, @live.com, @yahoo.com, or @gmail.com, and yet alleges to represent a well known company such as McAfee, that is highly suspicious.
- Look at the TO: line. Is it blank? Is it to you? Then look at the BCC: line. Is it to you? If the sender of the email is using the BCC line to send you the email, the chances are he used the Blind Carbon Copy line to send it to hundreds of other innocent victims too. The email really isn’t about you at all. It is merely a generic phishing attempt. The list of addresses on the BCC line do not get revealed to the recipients of the email, thus it appears only you received the email when in fact possibly thousands of others did as well.
- Look at the Email content. Does the email use your name in the text or the attachment? If it doesn’t, then probably the sender does not know your real name at all because you do not have an account with them.
- Does the email use poor grammar or make spelling errors? A sure sign that it is (a rather poor) scam attempt.
- Attachment? DO NOT DOWNLOAD IT if the any of the above items held true. The attachment is very likely a virus!
What To Do With The Unwanted Email
It is always safest simply to delete it outright. Don’t play with it. Delete it, Delete it, Delete it! If you are in doubt whether or not something really did get paid or needs to be paid, refer to the your bank or card company directly at the official phone numbers on your card or at your local bank. NEVER rely on the information in the email.
However, if you wish to be more proactive, some email platforms such as Gmail.com have options that allow you to report the phishing attempt. Gmail allows you to do this by clicking the 3 vertical dots menu and selecting “Report Phishing”. The effect of reporting it may alert the administrative team of your email provider that their platform is being used to scam people. Information Managers generally have a very keen eye for these scams and a proprietary interest in blocking the source of the email so you and no one else gets them from that source again.
Recommendation: Do not randomly report emails as phishing if they are not truly phishing because they will bog down the administrators who are trying to stop the real phishing attempts. The difference between a phishing scam and an unsolicited spam email is that the phishing scam alleges a financial transaction has already or needs to be confirmed in such a way that it fools you into calling the number in which the scammer can then pump you for information so they can actually scam you out of money. Until you make the call, you have averted the scam. The moment you make the call, you make yourself a direct target for this and future scams. The call you make identifies your phone number to the scammers and they will thereafter re-attempt to scam you again and again from other random phone numbers, most likely. So once again, DO NOT CALL THE NUMBER IN THE EMAIL.
Your first-line responders to the possibility that an email is a scam may be a family member, your neighbor, or a local tech person. Other resources include the official government channels. B. A. Computer Services cannot endorse any one website as a single source that will solve the world’s phishing problems. Instead, we recommend that you first contact your email or internet provider and let them know about the attempt. Secondly, we recommend you search in your browser for “Report Phishing Attempt” and follow any of the many links that will be listed and choose the most relevant result that fits your particular situation. You may also contact the FBI at https://www.ic3.gov/ or the Federal Trade Commission https://www.ftc.gov/.