You or your friends may have received an email saying it’s from the Financial Department of your university. It tells you to click on a link to get a message about your covid-19 economic stimulus check – and it needs to be opened through a portal link requiring your university login.
Don’t do it, said Ari Lazarus, consumer education specialist for the Federal Trade Commission, because it’s a phishing scam. If you click to “log in,” you could be giving your user name, password, or other personal information to scammers, while possibly downloading malware onto your device.
How can you spot and avoid scams like these? Lazarus advises before you click on a link or share any of your sensitive information:
- Check it out. If you have concerns about an email, contact the sender directly. Look up their phone number or website yourself. Don’t click on a link. That way, you’ll know you’re not about to call a scammer or follow a link that will download malware.
- Take a closer look. While some phishing emails look legitimate, bad grammar and spelling can be a tip-off to phishing. Another clue that the email isn’t really from your school is it uses the wrong department name. In one example the FTC has seen, the scammers called themselves the Financial Dept instead of the Financial Aid Department.
If you see something that looks like a phishing scam, report it. Forward the message to the Anti-Phishing Working Group – an organization which includes ISPs, security vendors, ﬁnancial institutions, and law enforcement agencies – at email@example.com. You can also report phishing to the FTC at ftc.gov/complaint.