Email scam posing as library on west side of state

Posted on April 4, 2017 at 6:00 am

By Jane Baker

To be clear up front, we have not heard of any scams regarding the Spokane County Library District, or any of our libraries. Also, scammers will use anything they can to get your money. So when we heard of an email scam involving the Seattle Public Library, we thought we’d take this opportunity to help prevent something similar happening with Spokane libraries.

In the Seattle area last month, several people reported receiving scam emails using the email address “joan@seattlepubliclibrary[dot]com” (note: bracketed text replaces the period in the email’s domain name). This email included subject lines about overdue and lost library books. These emails contained a link to sites used to spread malware or malicious software to recipient computers. It’s important to note that more than half of the recipients of this email scam do not have library cards and there has been no breach of security at the library. Scammers are just sending a broad message to whoever takes the bait.

About the real-looking fake email address: most libraries in the U.S. have a website and email that end with the extension “.org”, or “.edu” if affiliated with a college or university. The “.com” ending is the first red flag that perhaps the sender isn’t a library at all. If you are ever suspicious of an email or website link, you can look up the domain at www.whois.com to find out registrar and owner information. For example, the scammer using the email ending in “@seattlepubliclibrary.com” is actually registered as an entity in the Cayman Islands (second image below). Here’s what the actual domain (first image) and the fake domain for Seattle Public Library look like:

Domain information from whois.com for actual Seattle Public Library domain

Domain information found at whois.com for fake library domain

To be proactive, here are some things to keep in mind about your Spokane County Library District account:

• Emails about overdue and lost items, general bills, holds, reminders, as well as welcome messages will always come from our official domain: .org.
• If your account is sent to a collection agency for overdue fines, they will only contact you by postal mail or phone. They do not send emails.
• Our monthly eNewsletter about upcoming programs is generated from a system completely separate from your library account.

If you receive an email that doesn’t seem to be from a trusted source:

• Do not open it
• Delete it immediately
• Do not download any attachments
• Never clink links that appear in the message
• Do not reply to sender and do not call phone numbers provided in the message
• When in doubt, contact the business or organization using a verified phone number or email address that you’ve found elsewhere
• Report email scams to the Better Business Bureau and the Washington State Office of the Attorney General to help notify others and stop scammers

There has been no security breach of our library accounts, nor does the Spokane County Library District store any payment information. This article was written as a preventative measure to remind all of us to be aware that these email scams, and phone scams as well, will use any means they can to get what they want.

Tags: BBB, Better Business Bureau, consumer education, email scams, financial literacy, fraud, phone scams, scams, technology