The Cleveland Division of the FBI is issuing a warning to the greater North East Ohio community as an increase in reporting of financial scams coming in the form of phishing emails and phone calls. Scammers have tried multiple different tactics from acting as government officials, FBI agents, and representatives of the Department of Justice often threatening legal action if money is not sent to the caller. It should be noted that government agencies will never call an individual and demand money. In one targeted scam, a medical professional was asked to provide money, or the scammer threatened to take the individual’s medical license. The physician was sent faxes with Department of Justice logos entitled, “Federal Bond and Protocol Agreement” and that his bank accounts were comprised of money sent by drug dealers. Individuals should be wary of any phone, mail, or online solicitations demanding money. It is extremely difficult for law enforcement to recover funds from victims once they have been sent.
It is important for individuals to be aware of what information is shared on social media platforms. Scammers will collect these details and use them to understand better how to target a victim. The best way to protect against phishing campaigns and financial scams is training and awareness and clear examples for reference. Teaching employees how to spot a phishing email can be a great defense and enable security teams to work in conjunction with the rest of the organization. Identifying suspicious URLs, email addresses, or knowing when an attachment may be suspicious can prevent an attack brought on by a phishing email. Spelling and grammar errors are also common in phishing scams as are suspicious links and mismatched domain names. If an email claims to be from a reputable company but the email came from a separate domain, it is likely a scam. Multi-factor authentication also provides a strong barrier against phishing attacks because it requires an extra step for cybercriminals to overcome to conduct a successful attack. Companies should also utilize a service such as Binary Defense’s Managed Detection and Response service to monitor endpoints for any abnormal activity and identify attacks early before they can cause damage.