NDSGA | Don’t Get Caught!
Avoid Phishing Scams

Here and there you may receive phishing emails from sources you think are trustworthy such as the North Dakota Soybean Growers Association (NDSGA) or the American Soybean Association (ASA). These scam emails often appear to come from a staff member or trusted colleague. Unfortunately, these emails may even at times include the NDSGA or ASA logo. If you carefully review the “from” email address, you will often be able to determine these are indeed a scam (more tips below). Please remember, that the NDSGA and the ASA will never ask you for money, GoFundMe donations or ubiquitous gift cards.

We understand these emails are frustrating, but we are unfortunately unable to prevent this very popular scamming technique from hitting your inboxes. There is no need to alert NDSGA or ASA when you receive these emails; we regret the inconvenience for all of you but can only help prepare you to have a trained eye and know how to respond (which is to NOT respond!). We’ll occasionally send reminders like this one to try to be helpful to you and/or your staff and share any new tips we receive from tech support or other sources.

Preparation to recognize these deceptive mailings and diligence to catch them before clicking is the best defense. Internally, staff goes through intense annual training and weekly reminder training to protect NDSGA and ASA data, and our technical service providers regularly review our cybersecurity measures, including antivirus and other defenses.

As a reminder, if you get one of these emails:

• Do not open it. In some cases, the act of opening the phishing email may cause you to compromise the security of your Personally Identifiable Information (PII).
• Delete it immediately to prevent yourself from accidentally opening the message in the future.
• Do not download any attachments accompanying the message. Attachments may contain malware such as viruses, worms or spyware.
• Never click links that appear in the message. Links embedded within phishing messages direct you to fraudulent websites.
• Do not reply to the sender. Ignore any requests the sender may solicit and do not call phone numbers provided in the message.

How can you tell something is a scam? If it:

• Has a deceptive email header. Check message headers carefully to see who the sender really is. Phishers use colors, logos and phrasing from companies and universities to make their communication seem genuine and mimic a legitimate email address.
• Directs you to a website that looks legitimate but is not. Sometimes the phisher uses a URL that appears similar to a genuine source’s URL in order to trick you. To avoid being fooled:
  • Make sure the URL for any form matches the trusted place you intend to go.
  • Hover your mouse over a link without clicking it to see the link’s destination.
  • Do an Internet search for the actual company URL.
• Asks you to give, update, validate or confirm your account information.
• Requires an immediate response such as, “You must respond within 24 hours.”
• Threatens dire consequences if you do not respond.
• Contains forms or dialogue boxes that prompt you to enter your Personally Identifiable Information (PII).
• Is not a secure page. Before entering any PII, be sure a page is security enabled (starts with https, not http). Never fill in forms you receive in email, or ones you were directed to by an unsolicited message, pop-up or text.
• Contains spelling and grammatical errors.
• Fails to address you by your name and instead addresses you as “Client,” “User” or “Customer.”
• Appears to be from a reliable source. Phishers disguise themselves as reliable, familiar sources like a bank, telephone or computer company.
• Promises services or rewards that are too good to be true like offers on coupons or promises to remove computer viruses. This is often a way of gaining access to your email address or the computer itself.
• Tries to entice you by offering you the latest technology. Phishers will often use products like iPads, phones, laptops, and flat-screen televisions to get your email address or phone number.
• Looks like a suspicious update by a friend on a social media network. Scammers target popular social media sites and use messages or updates from friends to lure you to sites requesting your Personally Identifiable Information (PII).

Thank you for understanding that these pesky tactics are not exclusive to NDSGA nor ASA and are sadly an ever-growing criminal activity—and one for which we all need to remain diligent to prevent NDSGA, ASA and each of you from falling target.