Due to an increase in the number of phishing attempts and their sophistication, we want to make sure our members know when you are receiving a legitimate email from the GHBA versus a phishing scam. Scammers will pretend to be GHBA staff members, volunteer leaders and will even go as far as using the GHBA logo in their email addresses. Please note that these logos are being used fraudulently.
Here are a few ways to avoid phishing scams from what appears to be GHBA staff or a member:
- Always check to see where the email is coming from. GHBA staff members and volunteer leaders will always email you from an “@ghba.org” email address.
- If the GHBA does reach out regarding an unpaid invoice, you may confirm if you have an outstanding balance by accessing your MemberHub profile.
- Feel free to reach out to a GHBA staff member you are familiar with to double verify!
A Note From NAHB Regarding Fraudulent Requests for Proposal (RFPs)
We recently warned you of phishing scams targeting associations. It has come to our attention that there has been a surge in attacks using seemingly harmless PDF files.
Advertisement
What’s happening?
These emails contain an unprompted Request for Proposal (RFP) in the form of a PDF. When the PDF is clicked, it redirects the user to a SharePoint log-in site and prompts for credentials. Once entered, these credentials are stored and subsequently used to gain unauthorized access to your accounts.
What should you do?
It is strongly advised that you refrain from opening any unsolicited PDF attachments, especially those purporting to be RFPs. If you receive an unexpected or suspicious email, even if it appears to be from a known contact, please exercise extreme caution. If you know the sender, call them directly to verify the legitimacy of the email.
Disregard any suspicious emails and, if you have any suspicion that the email is fraudulent, contact your membership representative directly. See below for common warning signs of suspicious emails.
To help reduce the risk of fraud, please familiarize yourself with the following information:
What is a phishing attack?
Phishing attacks aim to trick you into sharing your passwords, account numbers, and sensitive information, and gain access to your accounts. A phishing message may look like it comes from a trusted organization, to lure you to click on a dangerous link or pass along confidential information.
Common warning signs of phishing attacks include:
- A text message or email that you didn’t expect or that comes from a person or service you don’t know or use.
- Spelling errors or poor grammar.
- Mismatched links (a seemingly legitimate link sends you to an unexpected address). Often, but not always, you can spot this by hovering your mouse over the link without clicking on it, so that your browser displays the actual destination.
- Shortened or odd links or addresses.
- An email request for your account number or personal information (legitimate providers should never send you emails or texts asking for your password, account number, personal information, or answers to security questions).
- Offers or messages that seem too good to be true, express great urgency, or are aggressive and scary.
- Strange or mismatched sender addresses.
- Anything else that makes you feel uneasy.
How do I report identify theft and cybersecurity incidents?
The Federal Trade Commission (FTC) has valuable sites for reporting phishing and identity theft scams:
The FTC’s IdentityTheft.gov website should be used to report identity theft.
The FTC’s Consumer Information website has resources for consumer where they can learn how to protect themselves online and avoid phishing attacks.
Please call or email NAHB General Counsel Abby Adams, 202-266-8345, with any questions, concerns or additional information.