While the internet was created to allow an open flow of information, entertainment, and ideas between people and businesses, it is unfortunate that not all users of the internet can be trusted to use its capabilities for honest purposes. Today’s post is the first in a series of planned articles to help you avoid becoming a victim of common internet pitfalls.
“Phishing” scams are one of the latest internet dangers, and can be quite damaging for their victims. In a phishing scam, deceptive e-mail messages are sent which appear to come from a legitimate business or organization (retailers, local or national banks, government agencies, or companies like eBay or PayPal) in an attempt to trick the individual into responding with sensitive information such as account numbers, passwords, social security numbers or other personal details. These fraudulent e-mails may appear to be authentic at first glance, even using actual company logos in order to be convincing, and will instruct the individual to reply or click a link to fill out an online form with requested information. Individuals who fall for a phishing scam e-mail and provide personal sensitive information can end up dealing with fraudulent transactions, stolen identity, and credit problems.
While the consequences of falling for a phishing scam are quite serious, you shouldn’t stop using the internet or e-mail out of fear of becoming a victim… there are a number of precautions you can take to protect yourself:
- Be SUSPICIOUS – You should ALWAYS be cautious about any e-mail that asks you to provide information. Retailers and businesses only need your account details when you go to their web site on your own (for online shopping for example). Banks that you do business with already have your account number and all the information they need, and should never send you an email requesting that you help “update their records” or demanding that you click a link and fill out a form to provide additional information.
- Learn to IDENTIFY a fraudulent e-mail – Don’t trust the name which appears in the ‘From’ portion of the message… use your e-mail program’s option to “View Full Message Headers” and check the actual email addresses appearing in the ‘From’ and ‘Reply to’ lines. An email from PayPal or your bank will never come from a freebie-type e-mail address ending in “hotmail.com” or “gmail.com” or other. But be careful here too, as even the e-mail address can be spoofed by a particularly crafty scammer to look legitimate. Sloppy scammers may send e-mails containing misspellings, while scammers overseas may send e-mails that contain broken English or awkwardly-constructed sentences, resulting from using a translation program to create the text of the message from another language.
- Refer back to Step 1… be SUSPICIOUS and if you have reason to doubt the authenticity of the message, simply DELETE it. Do not reply to suspect messages, and definitely do not click any link or images within the message, as this will confirm for the sender that he has reached you through a valid address (which can result in more unwanted e-mail messages). Clicking a link in a phishing e-mail will take you to an impostor web site designed to appear legitimate where you are requested to fill in a form with the personal information requested… but if you provide a spoofed web site with your information, you may as well just gift-wrap your credit cards and checkbook and send them to the scammer directly.
If you have any doubt about the authenticity of an e-mail message which appears to come from a bank or business that you do business with, you can contact the bank or business directly using a phone number which you know to be correct to see if they have sent the e-mail message.
In the event that you think an e-mail message is authentic, you still typically will not need to click a link within it in order to provide the needed information… it is safer to go directly to a web site by opening a blank window in your web browser and entering in the full URL address – http://www.bankofamerica.com/ for example – where you can then safely log in to your account and take the needed action or access any alerts directly. Or you can contact the business by phone or visit and handle the matter that way.
Only in specific instances (for example, to activate a new account that requires email address verification), should it ever be necessary to click a link in an e-mail message; and in that example, the e-mail would arrive within minutes of your action taken to create the account, rather than just appearing in your inbox unexpectedly.
By keeping these tips in mind, you should be able to continue to use the internet and e-mail while avoiding the potential traps of phishing scams.