By REBECCA RUTHERFORD
Los Alamos

In a trending scam, Gmail users are getting emails in their inboxes with the subject “Online Rewards Program”, letting them know they are the 18 billionth Google search and they have won a prize. The email appears to come from Google and the email message likely looks something like the image above.

And of course you have to click the link to claim your fabulous prize.

Can you even imagine if Google actually did give out prizes for searches? Google users make approximately 8.5 billion searches per day. Because sometimes you just need to know “Do androids really dream of electric sheep?”, “Why is my cat screaming at the ceiling?”, etc. That would be a heck of a lot of giveaways, even for a company of Google’s stature.

Spoiler, dear reader, this is yet another scam.

The email might appear to come from Google, but it is simple to steal a logo image, and to spoof an email address to add legitimacy to your phishing email. How do you spoof an email address? You can specify a “from” email address, which is completely different from the actual email sender address, so I could say the email is from “customerfun@google.com” when it is actually from “badsender@wedocrimes.net” and it would be really difficult to tell without examining the email headers.

If you do click the link, the only prize you’ll get is losing your personal information to whatever scam is being served up on the other end. If something seems too good to be true, it is!

While this scam may be obvious, many phishing scams can be less so, and it can be all too easy to fall for a phish.

Here are a few tips to avoid becoming chum for the scammers:

• Don’t open any email that looks suspicious, like emails from an unknown sender, and if you do, never click on any link in it. Also, don’t reply. Repeat, do NOT reply. Just delete it and ignore it.
• Poor grammar and spelling are a big sign it’s a scam.
• Scammers don’t know your name and they’re sending large quantities of emails or texts at once, so they often address it “dear customer,” “dear user” or quote your email address rather than use your name. This is often a sign it’s a phishing scam.
• Never trust caller ID on your phone, especially when the caller asks for private information. It is incredibly easy to spoof phone numbers.
• Never give out personal info on an email, text or call. Companies will never ask you for that info over the phone or by text or email. Call the company back using a number you find independently, i.e. go to their official website and get their number to call and confirm.
• If it looks too good to be true, it is!
• Never send money or gift cards to someone you don’t know, whatever reason they give. Scammers try this on dating platforms or social media.
• Report fraud, or attempted fraud, at www.consumerfinance.gov/complaint

Stay alert, and just delete those suspicious emails, and you can save yourself a lot of grief.

Watch out for scams, and don’t click that link!

Editor’s note: Rebecca Rutherford works in information technology at Los Alamos National Laboratory.