Watch out for the ‘update your password’ scam
The following story is from WATE, our sister station in Knoxville, Tenn.
KNOXVILLE, Tenn. (WATE) — You might want to check your computer inbox because it’s currently being hit by emails requesting you to update your password. The messages are being sent by cyber criminals. If you follow their directions, they’ll gain a pathway to your information.
In his office, one of the first things WATE reporter Don Dare does in the morning is check his email. Recently, a message caught his attention reading: “The password for ddare@wate.com has expired. Please click the button below to update your password.”
At the station, there are reminders about every three months to update our password. This message didn’t look at all like the reminder we receive from the corporate office.
The IT expert at WATE is Steve Hinzman. If you have a problem with your computer, he can fix it. If you have a question about email, like Don received, Hinzman knows the answer.
“This here is what they call a phishing scam. It entices you to click on this link and take you to a phony site where they will actually capture your password. and they will have total control of your account,” he said.
When you go online seeking information about phishing scams, there are hundreds of sites. The update your password scam is one of them.
“In this case they’re telling you that it’s going to expire in 12 hours. Most people would panic and say, ‘Oh, I need to do this,’ and click on that link,” Hinzman said.
Another tell-tail sign of the scam is the address.
“Right there it is actually showing it is coming from you, going to you. So that would be a key indicator there of what to watch out for. You obviously didn’t send an email to yourself,” said Hinzman.
There was also a warning in the message saying not to reply to the email, but to send it to another address.
“Again, it’s another link. if you scroll over this one where it says update your password,” said Hinzman, “It will actually tell you the address it is going to send that link to. If you read here it is going to Microsoft exchange server. That is not a legitimate Microsoft site. The other would be MicrosoftOffice.com, or something of that nature that would tell you it’s a legitimate business.”
If something unusual lands in your inbox here are the red flags. Look for small mistakes like poor grammar and spelling errors, a request to open an attachment., the “adrenaline surge” message: “you won money, contact us now.” The requests to take immediate action should not be heeded.
“Best practice that I tell everybody, never click on any link on any email that you get from anybody – even if it is from your mother, father, or best friend. If it says “click on this link,” no, don’t do it,” Hinzman said.
By rushing or intimidating you, email hackers are hoping that you won’t take time to scrutinize the email for flaws. Ddon’t fall into their trap. Be alert, aware and thorough as you look for phishing emails