Jitasa Nonprofit Blog

Don’t Get Scammed: Email Phishing Scam

Recently, Jitasa received an email that contained a virus and spoofing techniques…it was masked by an employee’s email address, and so convincing that many opened it. Upon opening the link, it required that you enter your credentials and thus the phishing scam begins. After our tech team reviewed the email they discovered that there were several red flags that should have triggered suspicion.

  1. Recipients of the email were BCC’d, a feature that Jitasa does not employ on our email.
  2. The email came from “Andrew Fass”, yet the email signature did not align with Jitasa requirements, and was markedly different than our design.
    Scam Email Signature
  3. The Recipients of the email had not had a previous discussion with the real Andrew regarding the review of any documents.

    This was a huge indicator that you shouldn’t click the link.
    Full Scam Email

  4. The phishing email included a PDF attachment with a fake link
    Scam Email Link
  5. The link was masked as DocuSign but went to https:/x/ncsasports.cf/good/plx,
    • TIP: Always hover over a link first before clicking to see where it is taking you
  6. The fake website asked for credentials

What to do if you open that email
If you do happen to open an email intent on phishing, the best thing to do is immediately reset your password and have your computer scanned by a technology professional to ensure there is no virus.