In February, the Internal Revenue Service issued an urgent alert warning of an email phishing scam targeting school districts and other nonprofit organizations.
The scam involves the use of various spoofing techniques designed to disguise an email to make it appear as if it has come from a trusted source. The spoofed email may ask for a wire transfer of money, or in some instances, personal information that commonly appears on a W-2 tax form for employers. This scam first appeared in 2016, and primarily targeted large businesses and their employees. Cyber criminals have now expanded their scope to include new targets that may be more vulnerable to their attempts to gain personal and financial information and resources.
It has recently come to the attention of the Hampton Township School District that some organizations within the Hampton community have been targeted by these phishing scams. In an attempt to spread awareness – and to prevent members of the community from falling victim to these fraudulent attempts to gain access to personal and financial information – the District is offering information about how to identify and report these kinds of scams.
One of the first things to do is to verify that the address shown in the email message matches the URL it actually links to. At an initial glance, the URL may appear to be perfectly legitimate. However, hovering the mouse over the URL reveals the actual hyperlinked address. If it is different from the one displayed in the email, it is a phishing scam.
Other clues that an email may be part of a phishing scam include:
- Domain Names – legitimate web addresses always have the organization's own domain name at the end of the site name, immediately before the first single slash. If a reference to a legitimate company appears first in the domain name and a different name follows it, it is likely a spoofed version of a legitimate person or business.
- Spelling and grammar errors – large companies and government agencies generally have a proofreader on staff who reviews and edits all correspondence prior to sending. If the message contains several mistakes, it is likely not legitimate.
- Personal information requests – if an email directly asks for personal information, or provides a link to a site and urges the person to “verify” information for an existing account for a legitimate company or service, it may be a scam. Not sure? Call the customer service department for the business or agency that is supposedly soliciting the information to verify if it is legitimate.
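The hover check and the domain-name clue described above can also be run automatically over an HTML email body. The Python below is an added example, not part of the District's notice; the sample message, the `example.org` and `example.net` domains, and the `trusted_domains` list are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

# Constructed sample email body; every domain here is a placeholder.
SAMPLE_HTML = """
<p>Sign in: <a href="https://payroll.example.org/login">https://payroll.example.org/login</a></p>
<p>Verify: <a href="http://payroll.example.org.account-check.example.net/w2">https://payroll.example.org/w2</a></p>
<p><a href="https://www.example.org/help">Help center</a></p>
"""

class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def host_of(text):
    """Return the lower-cased host if text is a URL or bare domain, else None."""
    text = text.strip()
    if "://" not in text:
        if not re.match(r"^[\w-]+(\.[\w-]+)+(/|$)", text):
            return None  # ordinary link text such as "Help center"
        text = "http://" + text
    return (urlparse(text).hostname or "").lower() or None

def check_links(html, trusted_domains):
    """Flag links whose displayed address differs from the real one, and hosts
    that contain a trusted domain without actually ending in it."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for text, href in parser.links:
        shown, actual = host_of(text), host_of(href)
        if actual and shown and shown != actual:
            findings.append((href, "displayed address differs from actual link"))
        for d in trusted_domains:
            if actual and d in actual and not (actual == d or actual.endswith("." + d)):
                findings.append((href, f"'{d}' appears in host but is not its ending"))
    return findings
```

Calling `check_links(SAMPLE_HTML, ["example.org"])` reports only the second link, once for each clue.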
“If in doubt, simply talk to others in your organization to confirm an information or financial transfer before sending it electronically,” said Ed McKaveney, HTSD Technology Director.
The District is planning a future informational session for the community with additional tips and information about protecting against online scammers. Details of the upcoming session will be published on the District website once available.
If you have been a victim or attempted victim of this kind of scam, report the incident to the local police and also alert the state tax agencies by contacting StateAlert@taxadmin.org. Phishing emails also can be reported to the FBI’s Internet Crime Complaint Center online at www.ic3.gov/complaint.