Phishing and E-Mail Scams

A particularly nasty type of spam is “phishing” (pronounced “fishing”): messages that look like they’re from your bank or other official place which tell you there’s a “problem” with your account and you have to come by and “confirm” your information.

Popular targets are Paypal, eBay, and large banks. The scammers have no idea whether you’re really a customer of such places, but by choosing large financial institutions their odds are pretty good. The link may even look like it goes to the correct financial institution, but it doesn’t really. For instance, take a look at this link: http://www.Google.com. It’s a link to Google, right? Nope! Hover your cursor over it, or click it; you sure won’t go to the Google site! It’s not always quite that obvious, either. You might hover and see that the target is “http://www.paypal.com” and a bunch of other text, but if you look closely you’ll see that there’s another dot after the “.com”, not a slash — and that the real destination isn’t Paypal at all, but rather www.paypal.com.spammer-site.com — very, very different.

If you’re not sure if the mail is legit, do not click on the link! You’re betting all the money in your account that you’re right. If you want to check your account and make sure it’s OK, then use your regular bookmark, or carefully type in the correct link address yourself. But never click a suspicious link to check your account. The risk of losing money there is huge, and you may never get it back once a scammer gets hold of it. If you’re really unsure, call your bank’s service center on the phone.

The #1 Most-Important Thing to Know: If you’re foolish enough to click on links in “phishing” e-mails, you’ll see what looks like your bank’s real web site, but it’s not. You’re asked to put in your banking ID and password, or your credit card number, or other private information to “confirm your account.” What you’re actually doing is providing your bank information to scammers who are more than happy to use your password, which you just gave them, to drain your bank account for you. Don’t be an idiot: your bank does not need you to “confirm” your credit card number or password!

The #2 Most-Important Thing to Know: Your bank account is not the only thing at risk if you accidentally give a scammer your personal information. Sure, they’ll grab all the cash they can as quickly as they can, but what if they have your credit card number, your password, your Social Security number? They can use your account info and password to try other banks, brokerage houses, and more, and drain those accounts too! They can use the information to apply for new credit cards in your name — identity theft — and make life a living hell for you.

Never use the same login and password info on more than one financial account. Never make your password easy to guess. Your spouse’s name is a terrible password; “XcM-4&QET3%27crazy” is a great password. How can you keep track of such weird passwords? Software! Look into RoboForm (a commercial product) or Lastpass (free). You only have to remember one password: the one to access your software. It remembers the rest for you, and types them in for you when you need it.

Next Topic: You May Be Spamming Your Friends and Enabling Crime!