Punchbowl Phishing Scam

Recently, the homeschool community has been hit with a phishing email scam. Fortunately, none of the IEProgram’s data has been breached, so all student information and data remains secure.

If you haven’t received one of these emails, you probably will, so this is an important read. But I’ll make it brief.

What happened?

People have been receiving emails with a subject line like “Friends & Family Easter Party!” from email addresses of people they know. The emails contain a link to what looks like a Punchbowl e-invitation. But these invitations are not real. They are phishing or malware attempts.

You can know that the invitation you received is a scam if:

  • The link has you download a file (especially one ending in .msi or .exe; do NOT open these files)
  • The link takes you to a page that has you sign in with credentials (usernames, passwords, etc.)
  • The email came from a personal email (instead of a punchbowl.com email address)
  • You were bcc’d on the email
  • The link takes you to a non-punchbowl website (if it isn’t punchbowl.com, it’s not real)
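
The checklist above as an added Python example (not part of the original post): it reads a plain-text email and reports which warning signs apply, including a lookalike host that merely starts with "punchbowl.com". The sample message, its addresses and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr
from urllib.parse import urlparse

OFFICIAL = "punchbowl.com"      # the only domain the checklist treats as genuine
RISKY_EXT = (".msi", ".exe")    # file extensions named in the checklist

def on_official_domain(host):
    """True only for punchbowl.com itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == OFFICIAL or host.endswith("." + OFFICIAL)

def red_flags(raw_email, my_address):
    """Return the checklist warning signs found in one plain-text message."""
    msg = message_from_string(raw_email)
    flags = []
    sender = parseaddr(msg.get("From", ""))[1]
    if not on_official_domain(sender.rpartition("@")[2]):
        flags.append("sender is not a punchbowl.com address")
    # If your address is in neither To nor Cc, you were bcc'd.
    shown = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    if my_address.lower() not in [addr.lower() for _, addr in shown]:
        flags.append("you were bcc'd")
    for url in re.findall(r"https?://[^\s<>]+", msg.get_payload()):
        parts = urlparse(url)
        if not on_official_domain(parts.hostname):
            flags.append(f"link leaves punchbowl.com: {parts.hostname}")
        if parts.path.lower().endswith(RISKY_EXT):
            flags.append(f"link downloads a file: {parts.path.rsplit('/', 1)[-1]}")
    return flags

# Constructed sample: a known contact's account sends a fake invitation.
SAMPLE = """\
From: Jane Parent <jane.parent@mail.example>
To: jane.parent@mail.example
Subject: Friends & Family Easter Party!

You're invited! Open your invitation:
http://punchbowl.com.invites.example/party/Invitation.msi
"""

if __name__ == "__main__":
    for flag in red_flags(SAMPLE, "me@family.example"):
        print("WARNING:", flag)
```

An empty result does not prove a message is genuine: the From line can be forged, and a fake sign-in page only shows itself after the link is opened.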

What to do

If you received an email

If you received one of these emails, you should do the following:

  • Don’t download the file
  • Don’t sign into the page it takes you to
  • Let the person who sent you the email know that their email account has been compromised (they probably don’t know)

If you already clicked on the link

If you’ve already clicked on a link and signed in, you should do the following:

  • Change your email password first, as soon as you can
  • If you use the same password for other accounts, change those passwords too
  • Check your “sent” email folder. If there’s anyone you sent an invitation to, let them know not to open it.

If you downloaded the file

If you downloaded a file, don’t open it. But if you already opened it, do the following:

  • Run a virus/malware scan on your computer. This varies depending on the kind of computer you use. Below are options for each kind of operating system.

For Windows PCs and Laptops

Windows has a built-in virus protection system called “Windows Defender”. It should be sufficient to catch things like this. Here is an article on how to run a virus scan. You only need to follow the first 6 steps (you don’t need to do the command prompt option).

For Macs and MacBooks

Usually, these kinds of viruses aren’t built for Mac computers, and macOS will refuse to open these files, but it’s good to check anyway. The main sign that your Mac might have a virus is that it’s running slow, or something is using its resources. You can check this by opening Activity Monitor (from your apps folder, or you can search for it by pressing Command + Space and typing it in). If you don’t have any apps running, and it looks like the CPU is still being used a lot, you might have a virus.

The most reputable anti-virus/anti-malware software for macOS is “CleanMyMac”. If you think you might have a virus, it’s a good one to pick up. The trial should be enough, and then you can delete the app afterwards.

If you sent an email

If you sent an email invitation by accident, you should do all the things above: change passwords, run a virus scan, and email the people you sent the invitation to so they know not to open it.

Stay safe

These things happen, and no one is immune to falling for scams. Even the most tech-savvy people I know get scammed from time to time. Here are some general guidelines for staying safe on the internet:

  • Change passwords regularly. I know this is a pain, but you should change your passwords once a year. The industry best practice is once a quarter, but that’s usually not necessary.
  • Use unique passwords. Using a password manager helps with this a lot. Dashlane, LastPass, 1Password, and Bitwarden are all good options. Having unique passwords ensures that if you ever are hacked/scammed, the attacker can’t gain access to everything.
  • If something seems off, ask. If someone you know sent something that seems weird, verify with them. If you’re not sure about something, find a local tech nerd and ask them. They love sniffing out scams.

Stay safe out there!