Dear ISST Members,

Scams are not new to the internet world. Thanks to feedback from many ISST members, we were able to identify a pattern of a recent scam that targeted select ISST members. After a thorough review, I want to reassure members that we have no evidence that a security breach of our media occurred. This was not a “hacking.” Our new website and listserv use the latest security features to protect your data. All of the information that the recent scammers used was publicly available on the internet.

Our new website uses safety features to ensure that your email is not available to web browsers, but still allows searchers interested in contacting you to do so through the website, a significant upgrade from our past websites. With the help of many members, along with Chris Hayes, the ISST Secretary, we were able to identify a pattern of the scammers. To lessen the possibility of future scams, our ISST President, Eckhard Roediger, acted swiftly to redirect the old ISST website (www.ISSTOnline.com) to our new website (www.SchemaTherapySociety.org). However, scammers can still use multiple methods to "con" people, and ultimately it is up to every individual with a web presence to know the warning signs of scams, and to protect themselves from malicious cons.

In the latest incident, the scammers used “Spear Phishing” with “soft targeting” methods to capture publicly available names of a few ISST members, including leaders of the organization, and to build “characters” around “stranded traveler” names to then email and, in some cases, even call members they selected to play out their scam. This is not the first time members have been targeted with similar scams, and we can expect more in the future. A quick Google search will show you that these “stranded traveler” scams have thrived since 2012, and are becoming even more common now (ransom scams are up 800% in 2016). 

Scams can happen through email/text/phone/mail or any other method to contact you. Scammers use an individual's web presence against them. For instance, they can search social media and other easily accessible and publicly available media outlets to build a personality around the characters they have selected, and then to prey on members’ sympathy to “save” the “stranded traveler.”

By having a web presence in any form, whether as a member of an organization, a social media user, or any other outlet, you assume responsibility to protect yourself against malicious scammers. I have listed some commonalities to help you identify common scams, and to help you protect yourself. I also strongly encourage members to follow three steps:

1.Never list your email address or private telephone number on a website that is open to the public—this includes the ISST website, and your personal website

2.Check your privacy settings on your social media accounts (Facebook, Twitter, Instragram, Google+)  to ensure that personal information is not open to the public. For instance, on Facebook, go into your "settings" and mark your page and postings so that they are only visible to “friends." Never accept someone as a "friend" who you do not know personally

3.If you have a personal website that you have linked to the old ISST website, please update it with the new link: (www.SchemaTherapySociety.org)

If you have any questions, or have more information, please contact me directly: EMAIL We want to ensure ISST members that we will continue to use every method possible to protect your data, while still providing the most up-to-date methods to help members from around the world safely communicate with each other.

Warmly,

Travis Atkinson

ISST Board Public Affairs Coordinator

How to spot "Phishing" emails:

1. The email has improper spelling or grammar: this is the most common sign of a "phishing" email, and the phishing email targeting our members was no exception. 

2. The hyperlinked URL is different from the one shown in the email: when you hover your mouse over a link in the email (without clicking it), you may see that the actual URL differs from the one displayed. You can also hover your mouse over the email address in the 'from' field to see if the website domain matches the organization the email is supposed to have been sent from. 

3. The email urges you to take immediate action: instead of following the action from the email, contact the person or organization directly through a verified contact number to see if the email is legitimate. Remember, it is highly unlikely that a member would reach out in the "stranded traveler" scenario.

4. The email requests your personal information: reputable organizations don't ask for your personal information via email.

5. The email says you've won a contest you haven't entered: claiming that you've won a lottery or a prize is a common phishing scam.

6. The email asks you to make a dontation or help another organization member in need: scam artists often send out phishing emails inviting recipients to send money to help another member who is supposedly "in need" due to a crisis, and use the names of other members to help support their claim. Therapists are often targets of such "soft" phishing scams, and several other therapy organizations have been targeted with nearly identical messages.

7. The email includes suspicious attachments: if you receive an email that looks in any way suspicious, never click to download the attachment, as it could be malware that may lead to phishing on your device--a much more serious threat that was not involved in this scam.

What to do if you receive a suspicious email?

1. If it involves ISST members or matters, please contact us immediately: a key to stopping the scammers in this latest incident was that other members quickly contacted us, which allowed us to warn all members we could contact. EMAIL: POTENTIAL SCAM

2. Adjust your email settings for what is allowed in your inbox: use your email program to select incoming emails to be sent immediately to "junk," except those from your contacts and safe senders. You can then browse your "junk" folder to see which messages are legitimate. 

3. Security software is a must: antivirus protection software can help warn you if a website is a forgery, and can stop malware from being activated on your device. 

4. Report the phishing scams: major email providers offer tips to avoid scams, and email addresses to forward suspicious emails to.

Google and gmail addresses: LINK

Microsoft Outlook & other email addresses: LINK

Apple addresses: LINK

Yahoo addresses: LINK

Your local or national government may have contact emails to report scams. Do a Google search to locate your local email address to forward the email to.