Tag scams

Article (PSA-0031)

Why This Matters

Amazon serves millions of shoppers worldwide. Because of that huge customer base, scammers love to impersonate Amazon in order to steal money or personal data.

Amazon’s Official Stance

Amazon will never ask you for payment info, passwords, or personal details over the phone.

Common Scam Tactics

Off‑Platform Payments

• How it works: A seller lists a product on Amazon, then contacts you with a link to pay via CashApp, Venmo, Zelle, or a wire transfer.
• Why it works: You lose Amazon’s buyer‑protection and the scammer gets your credit‑card data directly.
• What to do: Never pay outside Amazon’s checkout. If a seller asks for an alternate payment method, hang up and report the listing.

Phishing Phone Calls

• How it works: Someone pretends to be an Amazon rep and asks you to “verify” your account by giving a password or credit‑card number.
• Why it works: With over 220 million Prime members, scammers know a few will be waiting for a call back from Amazon support.
• What to do: Never share passwords or payment info on an unsolicited call. End the call and call Amazon’s official number (888) 282‑395 (or use the Help page).

How to Spot a Fake Amazon Message

• Look for a URL that ends in amazon.com or amazon.com/support. Hover over links to see the real address.
• Beware of urgent language: “Your account will be closed in 5 minutes – click now.”
• Legitimate Amazon emails will address you by name and never contain spelling mistakes.

What to Do If You Think You’ve Been Scammed

• Change your Amazon password immediately.
• Visit the Amazon Account Help page to secure your account.
• Report the incident to the FTC at reportfraud.ftc.gov.

Scam‑Avoidance Checklist

• ✔️ Amazon never asks for passwords or payment info over the phone.
• ✔️ Verify every link – it must contain “amazon.com”.
• ✔️ Never pay outside Amazon’s checkout.
• ✔️ Hang up on suspicious calls; call Amazon’s official support line.
• ✔️ Report any scam to Amazon and the FTC.

Need Help?

If you have questions or think you’ve been targeted, call us at (707) 506‑6802 and speak with a technician.

Article (PSA‑0026)

Why Email Scams Matter

Scammers use email to trick you into handing over personal data (passwords, Social‑Security numbers, account numbers) or to install malicious software that can turn your device into ransomware. Even if you pay the ransom, the attackers almost never unlock your files.

Common Ways Email Scams Look

• Urgent pleas for help (e.g., “My account is locked – send money now”).
• Fake password‑reset or security‑alert messages.
• Impersonations of familiar institutions – government agencies, the IRS, banks, or popular services like Netflix.

Why Businesses Are Prime Targets

Scammers can harvest a company’s public data (website, LinkedIn, press releases) and craft highly specific, believable messages that appear to come from a trusted partner or vendor.

Key Statistics (to put the risk in perspective)

According to Symantec research, **≈ 85 % of all email traffic is spam or malicious**. Roughly **9 out of 10** messages are not legitimate, and most contain malicious links or attachments.

Three Pillars of Protection

1. Adopt a Healthy Distrust of Email

• Assume every unsolicited email could be a trap.
• Never click links or open attachments unless you’re 100 % sure they’re legit.

2. Keep Your Basics Up‑to‑Date

• Install operating‑system and application security updates promptly.
• Run reputable antivirus/anti‑malware software and keep its definitions current.
• Enable a firewall (built‑in Windows Defender Firewall or a third‑party solution).
• Configure your email provider’s spam‑filter and junk‑mail settings.

3. Examine Suspicious Emails Carefully

1. Don’t rush. If you’re busy, set the message aside and review it later.
2. Ask yourself:
   • Do I actually have this service or account?
   • Does the request make sense for me?
3. Check the sender address. Look at everything after the “@”.

   Real Netflix example:
   admin@netflix.com

   Fake Netflix examples (watch the domain part carefully):
   admin@netflix.ru
admin@netflex.com

   The legitimate address always ends with .com and the domain name is spelled exactly “netflix”. Anything else (e.g., .ru, “netflex”) is a red flag.

4. If anything feels off, mark the message as Spam/Junk and delete it.

Quick Email‑Scam Checklist

• ✔️ Treat every unexpected email as suspicious until verified.
• ✔️ Hover over links – the URL displayed must match the claimed site.
• ✔️ Verify the sender domain (e.g., @bankofamerica.com, not @bankofamerica.co).
• ✔️ Keep your OS, apps, antivirus, and firewall up to date.
• ✔️ Use strong, unique passwords and enable multi‑factor authentication where possible.
• ✔️ Report phishing attempts to your email provider and to the FTC (reportfraud.ftc.gov).

What to Do If You Think You’ve Been Compromised

• Disconnect the device from the internet.
• Run a full scan with your antivirus/anti‑malware solution.
• Change passwords for any accounts that may have been exposed – start with email, banking, and any services that store personal data.
• Consider enabling credit‑monitoring or a fraud‑alert with the major credit bureaus.

Need Help?

If you have questions about a specific email, need assistance tightening your security, or want a quick safety review, call PSA Computer Services at (707) 506‑6802.

Alert (TA18-275A)
HIDDEN COBRA – FASTCash Campaign
Original release date: October 2, 2018

Redirects to the Official website of the Department of Homeland Security
[US-CERT – United States Computer Emergency Readiness Team]

To read article visit: https://www.us-cert.gov/ncas/alerts/TA18-275A