949-427-5108 ext 700 hello@pptwestcoast.com

I have a confession to make. As a merchant services professional who helps others avoid fraud, I recently fell for a phishing scam. Yes, me! And I’m here to tell you that some of these scams are incredibly hard to detect…until the fraudulent charges start to go through. 

 

Here’s what happened

 

I received an email that appeared to be from UGG®, the popular maker of boots and shoes. I happened to be in the market for this product, so I clicked on the link and ended up at what appeared to be UGG®’s website. The logo was there. The branding was there. Everything was spelled correctly. The website had an “https” address (the “s” indicates “secure”). To my trained eye, nothing looked amiss on what turned out to be a very well-made spoof site. 

 

Best of all, they were having a sale, so I bought some shoes! I received a confirmation email that verified the purchase and supplied shipping information… and then things rapidly went downhill from there. 

 

The scammers got very busy very quickly

 

Within 24 hours of that purchase, charges started appearing on my credit card for purchases made at online retailers I had never heard of. Then I received a notification from my bank asking if I had tried to make and $823 purchase using Apple Pay—in person at a location in another state. Um, no, I certainly did not! 

 

In other words, in less than 24 hours the scammers had used my credit card information to make online purchases and attempt to make purchases in person. 

 

I was forced to shut down the account. 

 

What are the lessons here for you?

 

I see a few takeaways here…

  • Look closely before clicking on links in emails. First, take a close look at the “from” line. Is this email from the company the message claims to be from? Next, look to see if this email just went to you individually, or if it was sent to a whole list of people. Be leery if it was sent to a group. Finally, hover over the “click here” link to see exactly where it will be taking you. You may even want to Google the company and click through that way. In my situation, the email took me to a website for “uggnational.com,” which sounds plausible. But a simple Google search would have shown me that the company’s address is actually www.ugg.com. 
  • If something seems too good to be true, it probably is. Likewise, if it seems odd, there’s probably something amiss. Glaring spelling errors and typos, for example, are often the hallmark of fraud. Big companies proofread things before it goes out!
  • Always use a credit card instead of a debit card. Why? Because credit cards offer consumer protections that debit cards do not. Because the fraudulent purchases were all made using my credit card account, I was not on the hook for the charges. I did not even have to pay for the shoes that this company obviously did not deliver.
  • Closely monitor your bank and credit card accounts. Most credit card issuers will even let you set up alerts so that you get a text or email every time a charge goes through.

 

Be extra alert during tax season

Phishing emails are very prevalent during tax season. Take the time to scrutinize things before you fall into a trap. If any of your employees use a company credit card, be sure that they’re aware of how to spot fraud, too.

*/