The Town of Killam, Alberta has issued an urgent message to it’s local businesses and residents, cautioning them about a scam email being sent out.
The email is disguised as an official looking letter from the town office and uses the towns logo they use as their profile picture on Facebook.
IMPORTANT.. DO NOT OPEN THIS EMAIL!!!
A number of residents and business owners have received this email – saying it is from “Killam” and that you need to “follow the LINK”. DO NOT CLICK ON THE LINK.
Please take note of the address the email is coming from… and all the details included – street address, phone number, fax number – are non-existant. – Town of Killam, Alberta – Facebook Message
The email subject line reads “ANNOUNCEMENT FOR ALL MEMBERS” and the body of the letter requests the recipient follow a link and sign in with their email. DO NOT CLICK ON THE LINK.
While these types of scams are most often seen in Phishing attempts, where they are seeking to gain personal information to exploit and often use that information for identity theft, they can also contain viruses or malware that can infect your computer and give a hacker back door access to all your information.
As pointed out by the town Facebook post, there are numerous red flags to watch for when you are trying to determine the validity of an email.
The return email address; Sometimes the sender will disguise the email address and it will appear to have come from one that you recognize as safe and legitimate. In the case of Killam’s fake email however, they have made no attempt to do that and the return email shown is from a domain in Sri Lanka, although that could be faked as well, but it certainly isn’t where the Killam town office is located.
One thing to watch for on those return email addresses is that the scammer will often create an email address designed to catch those who scan quickly such as “firstname.lastname@example.org”
Address and phone number; The offline contact information in this email is fake and non existent. A simple call to one of the numbers would prove the email is a scam, however scammers will often take the chance that few will call and verify their fake email and use the correct contact information for the company or agency they are disguised as.
Spelling errors & bad grammar; Almost every scam email out there can be quickly exposed by the sometimes laughable grammar and use of the English language. In the case of this email, the phrase “This announcement has been uploaded for your kind information….” is just one of several dead giveaways of the scam.
Many of these scams originate in foreign countries where English is not an official language. Scammers frequently rely on translations that offer us a way to defend ourselves. While many may use software to ensure spelling and grammar is correct, there is no software out there yet that allows a translation to “conversational” letter writing language. Simply put, few of us, even on official levels, communicate in writing with precise grammar anymore. We, intentionally, lean more and more towards communicating our messages in the same way we would speak. This is disheartening for some, however we can use that trend to help protect ourselves.
Indications of a form letter; When you look at the letter allegedly from Killam, you will see several things that point out to you that the scam has created a list of target emails and is using a form email to send them all out. While form letters are also used legitimately, they generally only insert the receiver’s information. In this case KILLAM is inserted as it would be in a form database, and so likely is the sender name, logo and contact information. This form letter will likely be used to spoof other emails from a variety of agencies, municipalities and even non profit clubs.
How do they know who the town of Killam businesses and residents are to send them the email?
Social media is the biggest weak spot in your wall, particularly for businesses. Once a scammer has chosen an agency to spoof, it is very easy to locate those who follow or are a member of the people that agency represents. All a scammer has to do is search social media for people connected to the agency. That could be through Facebook groups, followers of pages or even hashtag searches of people who post about a topic.
Protect yourself; Do not post your email address ANYWHERE on Facebook. EVER. For businesses, do not offer your email address on your website, instead use an encrypted contact form and screen the messages you get through that for carefully. The moment you reply, you will be revealing you email address to a potential scammer.
Lock down your Facebook profile, even to your friends. Keep your location, contact information and other personal data to yourself. All it takes is one friend request from a scammer disguised as someone you know to hand over everything they need to turn your life upside down.
All too often I see friends post their email address, innocently, on Facebook. That stays there forever. Once a scammer has selected you as a target, finding your email address can be very easy for them. One big caution is Facebook groups. You can not hide anything you post in a group unless you know who you specifically want to block. Scammers love groups.
TOWN OF KILLAM WILL NOT BE THE ONLY FAKE SENDER
While the town of Killam is the target in this instance, I can’t emphasize enough that this is a form letter and I will guarantee you if is being used to spoof other organizations.
If you receive an email you believe is a scam, you should report it to the Canadian Anti-Fraud Centre (CAFC). If you receive an email like this for other organizations, be sure to also notify them so they may alert their membership or others they feel may be targeted.