The CEO of a large corporation receives an urgent email from the Internal Revenue Service requesting information and alerting the company about a possible unclaimed tax refund. He is busy and gets hundreds of emails daily, but he figures since it’s tax time this IRS request must be important, so he quickly forwards it to the CFO to take care of. The CFO receives the email, sees it is from the IRS and appears to be requesting information, and sends it on to the accounting and finance department with a note asking that it be taken care of immediately. The first thing the accounting specialist who retrieves the email from the department’s email inbox notices are the names of the CFO and CEO in the email headers. He scrolls down to click on the IRS link and fills in the corporate tax ID number, account numbers, and other information the IRS is requesting on the simple form that pops up.
Unfortunately, the original email didn’t come from the IRS, and it wasn’t an innocent request. Instead, it was a fraudulent “phishing” email aimed at tricking corporate personnel into sharing private financial information about the company. When the accounting specialist filled out the information , it immediately fell into the hands of cybercriminals.
What Happened?
This corporation became the victim of “phishing,” a type of cybercrime. A phishing victim receives an email on his or her computer or device that looks like it is from a legitimate organization, such as a bank, credit card company, government agency, or retailer. The email contains a link that takes the user to a malicious website or installs malware on the computer, which then infects the computer (and potentially the entire network if the machine is connected to one) with a virus.
In many cases, phishing scams play on people’s emotions or fears to encourage them to click on the link or send personal information. For example, one type of phishing scam involves an email stating “There is a convicted child predator living in your neighborhood,” and contains a link and the name of a legitimate organization. The link actually takes the user to the organization’s website, but in the meantime, malware is being installed on the user’s machine. Scams like this play on deep emotions and use phrases like “your local area” or “near your home” to lure you in. Don’t let yourself get played by these criminals. Avoid clicking on anything that arrives in an email you didn’t specifically sign up for or request via the organization or company itself.
Securities and advisory services are offered through LPL Financial (LPL), a registered investment advisor and broker-dealer (member FINRA/SIPC). Insurance products are offered through LPL or its licensed affiliates. Franklin Mint Federal Credit Union and Mint Wealth Advisors are not registered as a broker-dealer or investment advisor. Registered representatives of LPL offer products and services using Mint Wealth Advisors, and may also be employees of Franklin Mint Federal Credit Union. These products and services are being offered through LPL or its affiliates, which are separate entities from, and not affiliates of, Franklin Mint Federal Credit Union or Mint Wealth Advisors. Securities and insurance offered through LPL or its affiliates are:
| Not NCUA Insuredor Any Other Government Agency | No Credit Union Guarantee | Not Credit Union Deposits | May Lose Value |
The LPL Financial Registered Representatives associated with this site may only discuss and/or transact securities business with residents of the following states: NJ, PA, NY, DE, AZ, MI, FL, MD, TX, VA, GA, NC.
Financial Learning Center content created by TrueBridge, Inc. The information provided is based upon sources and data believed to be accurate and reliable. The content contained herein is intended for information and illustrative purposes only, should not in any way be construed as a personal recommendation, and should be used in conjunction with individual professional advice.
