(COLUMBIA, SC) – Secretary Hammond is alerting charitable donors of a phishing scam that was uncovered on September 20, 2018, that appears to come from the South Carolina Secretary of State and the South Carolina Department of Public Safety.
Phishing is a fraudulent email message appearing to come from a legitimate enterprise, such as state government. These messages usually direct the user to a spoofed website or otherwise get the user to divulge private information (password, credit card, or other account information).
“I urge everyone to read a solicitation carefully and to research the entity before making a donation,” said Secretary Hammond. “While legitimate charities see Florence as an opportunity to help their communities, others see it as a chance to take advantage of others’ generosity.” The Secretary of State’s Office does not ask donors to contribute to a specific charity.
The following are a few tips from Return Path, an e-mail deliverability expert.
Don’t trust the display name: A favorite phishing tactic among cybercriminals is to spoof the display name of an email. Once delivered, the display name appears legitimate because most user inboxes only present the display name. If it looks suspicious, don’t open the email.
Look but don’t click: Hover your mouse over any links embedded in the body of the email. If the link address looks questionable, don’t click on it.
Check for spelling mistakes: Legitimate messages usually do not have major spelling mistakes or poor grammar. Read your emails carefully and report anything that seems suspicious.
Analyze the salutation: Is the email addressed to a vague “Undisclosed Recipient?” If so, watch out - legitimate businesses will often use a personal salutation with your first and last name.
Don’t give up personal information: Legitimate companies will never ask for personal credentials via email.
Beware of “over-the-top” language: Invoking a sense of urgency or fear is a common phishing tactic.
Review the signature: Lack of details about the signer or how you can contact a company strongly suggests a phish. Legitimate businesses always provide contact details.
Don’t click on attachments: Including malicious attachments that contain viruses and malware is a common phishing tactic. Malware can damage files on your computer, steal your passwords or spy on you without your knowledge. Don’t open any email attachments you weren’t expecting.
Notify the Secretary of State of any concerns you have about a charitable solicitation. The Online Charitable Solicitation Complaint Form allows donors to confidentially file a complaint with the Division of Public Charities, 24 hours a day, seven days a week. You can also call the Division of Public Charities at 1-888-CHARITI (242-7484).
Contact: Renee S. Daggerhart