Avoid Email Spoofing and Phishing

Over the years you have probably seen a variety of interesting emails from long lost relatives in some foreign country that some how managed to lose their passports and every dime they’ve ever owned. Yes, we do feel for those poor saps, but we don’t feel bad enough to send them the $2,500 bucks they need to get their passports back. Like most of you out there, we casually just delete those messages and forget about the awful guilt about 2 seconds after hitting the delete button.

But…. What if your boss emailed you and asked you to move money from your league’s account to this new account number? The email looks and sounds totally legit, but you still have this gut feeling that there is something off about this. You’ve never been asked to do anything like this before, and whose account is this anyways? One or two questions quickly turns into 5 and then 10, and finally you say, “Hey the boss asks, and I deliver!” — WRONG!

If the email looks phishy (see what I did there?), then it probably isn’t legit. Here at Cal North, we’ve received a variety of these emails and have implemented a few good common sense policies that we hope help you with this problem as well.

First… If an email doesn’t look legit, it probably isn’t. The best thing you can do is pick up the phone and call that person. Don’t respond to the email, or click on any of the links. Just take two minutes and call to confirm the message is real. If you can’t call, then you may want to look at the source code of the email to determine if the IP address of the server that sent the message matches the IP address of other emails sent by the same user (see this tutorial on how to do this).

Second… Everyone should sign their emails either with a unique signature, or in a specific way. Let your coworkers, family/friends (especially if you’re traveling abroad), and other VIPs know how you do this. E.g. If you have a middle initial, you can include it in your signature. Maybe less professional, but a unique emoticon works to 「(°ヘ°)

Third… Now if it’s your job to determine why this is happening, forget about it. It happens because of a long history of how email came to be, and the fact that everyone wants email to be immediate and convenient. But if you still want to know more about how this actually works — take a look at this Lifehacker explanation: How Spammers Spoof Your Email Address (and How to Protect Yourself).

Credit Card Refund Functionality Updated

Affinity recently changed how refunds are processed, requiring registrars to enter the credit card number used to pay. This makes the cardholder’s account more secure by not saving the card number in the system, but it does require the registrar put in the additional effort of collecting the card number when trying to process a refund.

In an effort to make things easier for registrars, instead of collecting the credit card number and issuing an immediate refund to the cardholder’s account, you can now submit a refund request to Affinity Sports to be processed on behalf of your organization.

In other words, you have the option of allowing Affinity Sports to complete the refund on your behalf, without you having to collect the credit card info from the cardholder. To do so, click the refund link next to the transaction and you will be presented with two options pictured below.

Refunds

If you are using option 2, please check the box to request this refund and ensure that you have entered the correct amount to refund for each available product.

This will be recorded as an offline refund and may take an additional 7 days to be formally submitted by the Affinity Sports Accounting Department as a credit back to the cardholder, but you won’t need to collect any credit card info from the card holder.