If you’ve recently received a strange email from a WAFP address, it is likely a phishing attempt. This version was recently brought to the attention of WAFP staff:

A few telltale signs indicate that this is a phishing attempt:

  • Note the mismatch between the displayed email text (“Brian@wafp.net”) and the subsequent text (“george.rudenberg@cox.net”). For legitimate WAFP email, the display email text will be a name (Karla Graue Pratt or Brian Hunsicker) and the text that follows will be the corresponding email address (karla@wafp.net or brian@wafp.net).
  • There is no personalization. Whenever possible, particularly on initial emails, WAFP staff endeavors to personalize the greeting so you know that you are the intended audience: Dear Dr. Smith, Dear Membership Committee member, etc.
  • The URL “linking” to the invoice doesn’t pass the smell test. Most links sent by WAFP staff would be to a recognizable website: wafp.net, seattletimes.com, spokesman.com, wsma.org, etc. Less recognizable links would include a specific explanation as to what the link led to. In addition, WAFP staff does not use our website to host invoices; if, however, we were linking to a specific document as the email suggests, the link would reflect that. In such a case, the URL would end in .pdf, .docx or some other indicator that you were accessing a file, not a webpage.
  • WAFP staff does not use its email addresses in lieu of a name, as this email does in the closing.

Unfortunately, this is a very common practice from scammers. WAFP – and any other legitimate organization – has very little power to prevent scammers from using our contact information in such a way.

Some additional warning signs from Apple:

  • Your email address or phone number is different from the one you gave to that company.
  • The message looks significantly different than other messages that you’ve received from the company.
  • The message request personal information, like a credit card number or account password.
  • The message is unsolicited and contains an attachment.

Learn more about phishing scams from the Federal Trade Commission and Microsoft. And if you have any questions, please don’t hesitate to contact us!