LCB Issues Fraudulent Email Alert to I-502 Businesses
On Wednesday November 2nd 2016, the WSLCB (Washington State Liquor Control Board) sent out an urgent alert to WA State Cannabis Business licensees.
Evidently, some malicious person or persons have sent out emails with harmful links that, when clicked, attempt to collect sensitive information, including usernames and passwords.
These kinds of malicious emails are commonly known as "phishing".
The LCB did not specify what kinds of accounts these phishing emails are trying to get licencees to provide access to - one would think it would be things like bank accounts or the like - but they also included a screenshot of one such phishing attempt (see below).
Here is the full text of the LCB alert:
Recently licensees have alerted us to a fraudulent email (see below) claiming to be from the WSLCB that instructs readers to click on a harmful link that attempts to collect their username and password. Official agency emails originate from a @lcb.wa.gov address, we do not use Comcast, Yahoo, Gmail, etc. for electronic correspondence. The agency will not ask you to provide personal information (credit card and bank account numbers, Social Security numbers, passwords, etc.) via text or email. If you receive a request for personal information, especially one as poorly worded as this, you should reach out to the WSLCB to verify its authenticity.
The LCB also included the following screenshot example of a phishing email provided by one or more licencees:
As you can see in this example, evidently the phishing attempt was to try to get email user name and password.
However, this is just one example, there may be more.
The LCB also said the following about what you can do if you receive such an email:
If you receive this message (or any message similar to it), do not open it and delete right away. Detailed instructions on email scams, how to spot them and protect yourself are available through the Federal Trade Commission.
If you have any additional questions please contact our Customer Service at (360) 664-1600.
Obviously, this is disturbing, but not particularly surprising.
The internet is rampant with bad actors trying to gain access to people's sensitive information.
If I can be of any help to you at all, please don't hesitate to pick up the phone and call me: