Scammers have been emailing what looks like a genuine notification from Ohio Job and Family Services (ODJFS), but the agency issued a warning late Wednesday to current and past recipients of Pandemic Unemployment Assistance (PUA) to not click on the links that appear in their email.
The “phishing” email instructs those targeted to click on a link in three different places in the bogus graphic to claim additional pandemic stimulus benefits.
The graphic appears to be from ODJFS complete with the agency’s logo, but the agency stressed it was not legitimate and that PUA recipients should not fall for it, adding that ODJFS doesn’t send out those types of communications.
According to the cybersecurity and privacy education website MediaPro.com, phishing emails all have the same goal, and that is to get the recipient to grant a cybercriminal access to personal information where a piece of Malware alone could not do the job.
MediaPro.com said that the point of nearly all phishing emails is theft, either through stealing funds directly or gaining sensitive personal information that could be sold on the internet equivalent of the Black Market.
The organization pointed out five common signs to watch out for:
• Check the spelling — One of the most obvious giveaways in a phishing email is incorrect spelling in the body or the subject line. In the spoof ODJFS email, scammers made sure there were no misspellings in the text.
• Hover before you click — Phishers often try to conceal Uniform Resource Locators (URLs) leading to Malware this way, and MediaPro said a good rule of thumb is to always hover over hyperlinks in emails before clicking on them since that would reveal the true destination of the URL, no matter what the linked text says.
• Be suspicious of generic greetings — Any messages addressed generically, especially ones regarding financial transactions, should raise a red flag. MediaPro said that for better or worse, most companies that deal in data have enough information on their customers to refer to them by name in email communications. This personalization can help sort out the real emails from the fake ones.
• Be wary of attachments — Though attachments are regarded by some IT experts as a holdover from the days of cassette tapes and dial-up internet, the Malware-carrying file attachment is still a common tactic for phishers. MediaPro warned to not open unexpected attachments, since the risk is simply not worth it.
• Don’t be intimidated — Phishing emails will often seek an emotional response from the recipient using inflammatory or threatening language, or in the case of the ODJFS email, a fake deadline to apply for additional benefits. If the subject line or body of an email urges to do something right now, or else, assume that it’s a fraud.
ODJFS warned all Ohioans to beware of scams using texting or emails to obtain personal information, and urged anyone who received an email that they suspected of being a phishing attempt to not click on any of its links.
Individuals who have received what they believe to be a spoof or phishing email are encouraged to report it to the Ohio Attorney General’s office at 1-800-282-0515 or go to ohioprotects.org and click on the “file a complaint” link.
Reach Tim Colliver at 937-402-2571.