American Legion Department of Florida issued the following announcement on Nov. 26.
Many of you have recently received fraudulent emails which appear to be from national headquarters. There are several variations circulating, but all seem to use the name of a national headquarters’ staff member and mention an “invoice.” Some of the emails even use the staff member’s actual email address.
These emails are also known as “phishing.” They are scams and do not originate from national headquarters. Although national cannot prevent outside groups from sending this type of email, there are several things we all can do to help protect ourselves:
•Right now we are seeing “spoof” sender attacks. These are messages pretending to be from coworkers or external work-related relationships. These messages attempt to entice you into clicking an attachment or provide personal information. Don’t do it! If you are not expecting or generally do not get a message with attachments from the purported sender proceed with extreme caution. When in doubt, contact the purported national HQ “sender” to verify the email is legitimate.
•Sometimes, but not always, the body of the message gives it away. The English is bad. The contact information at the bottom has errors such as wrong city or area code. The context of the message is just not something this sender would discuss.
•If you open an email and find that it’s not legitimate, delete the message without opening any attachments.
•Don’t provide credit card information to the sender. National headquarters will never ask that you provide your credit card information to us in an email.
•If you wish to share a message that contains the email addresses of other recipients, please delete the email addresses before you forward. That will help prevent those legitimate email addresses from getting into the wrong hands to be misused as has happened here.
•Report such phishing to the Federal Trade Commission at email@example.com
•In general, we all must have our “guard up” at all times when dealing with email. It’s easy to get in the habit of seeing a name we recognize, and clicking to open it or any attachments or links, and that can lead to many hours and dollars to recover. Question anything even slightly suspicious.
•If you wish to create a message that contains the email addresses of other recipients, get in the habit of placing email addresses in the “Bcc:” field (instead of To: or CC:). If you are going to forward a message that displays others’ email addresses, delete those addresses before forwarding to prevent those email addresses from getting forwarded on, shared or captured by a hacker and being misused as has happened here.
•Please see the attached link for more information on this subject. https://www.consumer.ftc.gov/articles/0003-phishing
Original source can be found here.
Source: American Legion Department of Florida