Phishers send fake invoices

We’ve recently heard that scammers are recycling an old phishing attempt. In this version, scammers, posing as a well-known tech company, email a phony invoice showing that you’ve recently bought music or apps from them. The email tells you to click on a link if you did not authorize the purchase. Stop – do not click on the link. That’s the new twist on an old scam.

More precisely, you just experienced a phishing attempt – that is, when a scammer uses fraudulent emails or texts, or copycat websites to get you to share valuable personal information. The scammers then use that information to commit fraud or identity theft.

Scammers also use phishing emails to get access to your computer or network – then they install programs like ransomware that can lock you out of important files on your computer.

Here are some tips to help keep your information secure:

Be suspicious if a business, government agency, or organization asks you to click on a link that then asks for your username or password or other personal data. Instead, t ype in the web address for the organization or call them. The link in the email may look right, but if you click it you may go to a copycat website run by a scammer.
Be cautious about opening attachments. A scammer could even pretend to be a friend or family member, sending messages with malware from a spoofed account .
Set your security software to update automatically, and back up your files to an external hard drive or cloud storage. Back up your files regularly and use security software you trust to protect your data.

If you got a phishing email or text message, report it. The information you give helps fight scammers.

If you got a phishing email, forward it to the Anti-Phishing Working Group at reportphishing@apwg.org.
If you got a phishing text message, forward it to SPAM (7726).
Report the phishing attempt to the FTC at ReportFraud.ftc.gov.

Search Terms Comments have been turned off for this consumer alert.

Read Our Privacy Act Statement

It is your choice whether to submit a comment. If you do, you must create a user name, or we will not post your comment. The Federal Trade Commission Act authorizes this information collection for purposes of managing online comments. Comments and user names are part of the Federal Trade Commission’s (FTC) public records system, and user names also are part of the FTC’s computer user records system. We may routinely use these records as described in the FTC’s Privacy Act system notices. For more information on how the FTC handles information that we collect, please read our privacy policy.

Read Our Comment Policy

The purpose of this blog and its comments section is to inform readers about Federal Trade Commission activity, and share information to help them avoid, report, and recover from fraud, scams, and bad business practices. Your thoughts, ideas, and concerns are welcome, and we encourage comments. But keep in mind, this is a moderated blog. We review all comments before they are posted, and we won’t post comments that don’t comply with our commenting policy. We expect commenters to treat each other and the blog writers with respect.

We won’t post off-topic comments, repeated identical comments, or comments that include sales pitches or promotions.
We won’t post comments that include vulgar messages, personal attacks by name, or offensive terms that target specific people or groups.
We won’t post threats, defamatory statements, or suggestions or encouragement of illegal activity.
We won’t post comments that include personal information, like Social Security numbers, account numbers, home addresses, and email addresses. To file a detailed report about a scam, go to ReportFraud.ftc.gov.

We don't edit comments to remove objectionable content, so please ensure that your comment contains none of the above. The comments posted on this blog become part of the public domain. To protect your privacy and the privacy of other people, please do not include personal information. Opinions in comments that appear in this blog belong to the individuals who expressed them. They do not belong to or represent views of the Federal Trade Commission.

MichaelEdits February 23, 2018

Oh, I get buried in these things. But (1) I know what I have and haven't ordered and (2) With any email, I take my finger off the button before I put my mouse over any link, and look at the link address at the bottom left of my screen. It rarely matches who the email claims it is.