Phishing has become a common threat faced by organizations in today’s digital era.  While cybercriminals are enhancing their tactics to make their attempts seem more legitimate, they continue to recycle old scams, making only minor changes to trick their victims.

An old phishing attempt has recently started resurfacing where scammers pose as a well-known tech company. In this scam, the attacker sends the victim an email containing a fake invoice intended to trick the victim into believing a music or app purchase was made with their account. In the email, the victim is instructed to click the provided link if they did not authorize the purchase appearing on the invoice. If the victim clicks on the link, they have fallen for the phishing scam.

In a phishing attempt, a scammer uses various methods including fraudulent emails, texts, or copycat websites to try to trick the victim into sharing valuable personal information. Once the scammer has successfully obtained the victim’s personal information, they can use that information to commit fraud or identity theft.

Not only can a hacker steal the victim’s personal information, but with a successful phishing attempt they can also gain access to their computer or network. Once a hacker has access to these areas, they can install malicious programs, including ransomware, which could result in the victim being locked out of their files, or potentially losing their files altogether.

How can you protect yourself and keep your personal information secure?

Below are some helpful tips provided by the Federal Trade Commission:


Be suspicious if a business, government agency, or organization asks you to click on a link that then asks for your username or password or other personal data.”

Scammers will often create copycat websites to trick you into thinking you’re in the right place. Instead of clicking on the link provided, open a browser window and type out the hyperlink on your own, or call the organization to verify that they sent you the email. If you choose to call the sender to verify their legitimacy, it’s important that you don’t use the number provided in the email; instead look up the number on the organization’s website to ensure you’re calling the right place.


 Be cautious about opening attachments.”

Scammers will often use attachments when trying to trick their victims. Even if the attachment appears to be coming from a legitimate source, hackers will often pose as someone you know, such as a friend or family member. Use extreme caution if you receive an email with an attachment; it could contain malware intended to infect your computer.


Set your security software to update automatically, and back up your files to an external hard drive or cloud storage.” 

Software updates will employ patches aimed to fix known vulnerabilities, therefore keeping your software up-to-date can greatly reduce the risk of a hacker gaining access to your system. Having these updates performed automatically will ensure that you never miss a critical patch in order to keep your system running as securely as possible.

While taking the appropriate steps or precautions to protect yourself from a phishing scam is important, it is also critical to prepare yourself incase an incident were to occur. Backing up your files to an external hard drive or cloud storage service can help you retain access to your files if they are deleted or become corrupt.

The post Federal Trade Commission Warns of Fake Invoice Phishing Scams appeared first on HIPAA Secure Now!.