
Avoid Phishing Scams and Fraudulent Emails
By Chris Nickson
September 11th, 2007
Like most people in the Western world, or so it seems, you've probably received an e-mail from a bank (or eBay or PayPal) about security concerns on your account. It offers a link for you to click on in order to log in and warns of dire consequences, like the closing of your account, if you don't comply.
It might very well look official and even sound convincing. And often it works. People do click on the link and go to the site, which seems perfectly real, then enter their personal and private information. What they don't realize is that they've become victims of "phishing," a form of online con. The link that seemed real enough took them to a fake site, and the account details they entered have been passed along to a remote server, leaving them open to identity theft.
The word phishing has been in the lexicon for just over a decade, and in that time it's quickly gone from referring to relatively crude criminal operations to extremely sophisticated hoaxes. If you want an example, just look at the results of a recent scam which targeted Monster.com. Thousands of people received an e-mail, with their name at the head, urging them to download a toolbar. Those who did had unwittingly installed a keylogger, which noted everything they did on the keyboard (which of course included entry of passwords, Social Security numbers and other sensitive data) and transmitted it to a remote server. Over 1 million job seekers were victimized.
If you become a victim, you're going to have to deal with all the problems associated with identity theft. That will not only cost you piles of cash and possibly affect your credit rating; it can also take literally years to undo the damage inflicted by these crimes, even with the best help money can buy. This is an instance where prevention is much, much better than cure.
How to Spot Fakes
It used to be quite simple to spot phishing e-mails. In the old days, they were amateurish affairs, often featuring misspellings and poor grammar. But they've improved rapidly, like this common example that claims to be from PayPal.

You'll note that it's not addressed specifically to any recipient – it's a generic mail. PayPal and any other financial institution, or even a company like eBay for that matter, will address e-mails to a specific person as another level of security.
Secondly, if you run your mouse over the link, you'll see that the URL it actually points to isn't the one displayed in the message. Click on it and you'll go to an authentic-looking, but very fake, site which exists only to milk your details.
That's a typical example, and you'll still find many with similar characteristics. But you'll also find those personally addressed to you (as was the case with Monster), so be warned.
1. Be suspicious of every e-mail relating to finances or logins, or that requires the entry of sensitive personal information.
2. Never ever click on a link in an e-mail, or one from a Web page or even in an instant message. Instead, type the address into your Web browser (don't copy and paste).
3. Never send financial information in an e-mail, even via a form.
4. When giving financial information on a site, make sure it has the https and closed padlock symbol displayed. (But beware, since you can also find fake sites that supposedly use https:// at the start, indicating they're secure, along with the closed security padlock icon, to offer a false sense of security.) In other words, paranoia pays – don't trust anything.
5. Make a habit of checking your online accounts regularly for suspicious activity. Scrutinize all your monthly statements, and obtain a copy of your credit report at least once a year.
You might also want to think about putting an anti-phishing toolbar on your browser (they're already in Microsoft's Internet Explorer 7 and newer versions of Firefox). There are a number available.

Firefox warning screenshot