A concerned reader named Terry wants to make sure everyone knows about this scam. She writes:
BIG QUESTION: Have received suspicious email messages like this many times and NEVER open them. They begin Hello Terry – then a link and then the first name of someone I know. I forwarded it to her, told her NOT to open the link and asked if this was from her. Her answer is below. You might want to warn your subscribers about this VERY PERVASIVE PROBLEM. Now the question – who can I report this to so the perp can be caught???????
Terry included this screenshot of the scam e-mail
And here’s her daughter’s response.
The good news is that you did exactly the right thing. Never click on a strange link without checking. E-mails like this are far too common. We get several of them a day to our customer service address.
The issue with reporting them to the police is that they are almost always generated from overseas. U.S. law enforcement has no authority there and for many countries, running spam e-mail operations is a big business.
Your best bet is to keep marking e-mails like this as Spam. It helps teach your e-mail account to filter these types of messages out.
This e-mail may or may not have actually come from your daughter’s e-mail account. She can check the sent messages folder to find out, but it’s likely her e-mail address was simply spoofed and used to make you think that’s where the e-mail was coming from.
Someone may have acquired her contact list because either your PC or mobile device or her PC or phone was compromised. But it’s also possible that the contact list of a person who has both of you in their contacts was compromised.
Still, she’s smart to change her password. Both of you should also make sure you have up-to-date anti-virus and malware software in place. You can report scams like this to the Federal Trade Commission by forwarding the message to firstname.lastname@example.org and also to email@example.com. The Anti-Phishing Working Group — which includes ISPs, security vendors, financial institutions and law enforcement agencies — uses these reports to fight phishing.