Phishing and E-Mail Scams

A particularly nasty type of spam is "phishing" (pronounced "fishing"): messages that look like they're from your bank or other official place which tell you there's a "problem" with your account and you have to come by and "confirm" your information.

Popular targets are Paypal, eBay, and large bank customers. The scammers have no idea whether you're really a customer of such places, but by choosing large financial institutions their odds are pretty good. The link may even look like it goes to the correct financial institution, but it doesn't really. For instance, take a look at this link: http://www.Google.com. It's a link to Google, right? Nope! Hover your cursor over it, or click it; you sure won't go to the Google site! It's not always quite that obvious, either. You might hover and see that the target is "http://www.paypal.com" and a bunch of other text, but if you look closely you'll see that there's another dot after the ".com", not a slash -- and that the real destination isn't Paypal at all, but rather www.paypal.com.spammer-site.com -- very, very different.

If you're not sure if the mail is legit, do not click on the link! If you want to check your account and make sure it's OK, then use your regular bookmark, or carefully type in the correct link address yourself. But never click a suspicious link to check your account. The risk of losing money there is huge, and you may never get it back once a scammer gets hold of it. If you're really unsure, call your bank's service center on the phone.

The #1 Most-Important Thing to Know: If you're foolish enough to click on links in "phishing" e-mails, you'll see what looks like your bank's real web site, but it's not. You're asked to put in your banking ID and password, or your credit card number, or other private information to "confirm your account". What you're actually doing is providing your bank information to scammers who are more than happy to drain your bank account for you. Don't be an idiot: your bank does not need you to "confirm" your credit card number or password!

Again, banks never send "confirm your account" e-mails. Some will send you a notice that they have taken action to secure your account if they detect possible fraud. "Hover" the link on any notice you get: if it doesn't show the link you expect, it's a phishing attempt and you should delete it. If it does, and you think it's legit, still do not click on the link, but rather use your own browser bookmark to go check on your account.

The #2 Most-Important Thing to Know: Your bank account is not the only thing at risk if you accidentally give a scammer your personal information. Sure, they'll grab all the cash they can as quickly as they can, but what if they have your credit card number, your password, your Social Security number? They can use your account info and password to try other banks, brokerage houses, and more, and drain those accounts too! They can use the information to apply for new credit cards in your name -- identity theft -- and make life a living hell for you.

Never use the same login and password info on more than one financial account. Never make your password easy to guess. Your spouse's name is a terrible password; "XcM-4&Q" is a great password. How can you keep track of such weird passwords? Software: RoboForm is what I use. You only have to remember one password: RoboForm's. It remembers the rest for you, and types them in for you when you need it. There's a free version and a paid version that does even more.

Next Topic: Urban Legends: Innocuous E-Mail Can Still Be Irritating

Copyright © 1996-2010 by Randy Cassingham, All Rights Reserved. All broadcast, publication, retransmission, copying or storage is strictly prohibited without prior written permission (contact the author). This is True® is a registered trademark of ThisIsTrue.inc and is used with permission. (Privacy Statement)