By now you would think that most people know not to click on suspicious links in email, on Facebook, in pop-up ads, etc. But you would be surprised how many do still fall for this. Scammers are getting more crafty at making fake websites and emails look real. And since the holidays just passed, there may be even more phishing email floating around than normal. Over the past month you have probably been paying more attention to your online accounts and emails than you normally would while you watched for order and shipping confirmations, and now possible refunds. At this time one of the major things that you need to keep your eyes open for is phishing emails.
What is phishing?
Phishing is the act of emailing or calling a person and pretending to be a legitimate business that they recognize and/or work with in hopes of tricking them into giving up valuable information. The information is then used for identity theft, hacking credit cards or debit cards, or some other type of fraud. Did you see the movie Identity Theft? She already had a little bit of info on him, but she needed more, so she called him and *phished* for the info that she was missing.
What does a phishing email look like?
Phishing emails can come in many forms. But one thing is common… they are all about collecting your personal info. This may be by a form right in the email, like below. Or this may be by getting you to click a link (seen in the second example).
———- Forwarded message ———-
Date: Mon, Nov 25, 2013 at 3:34 PM
Subject: Urgent Attention Needed
Dear Account Holder, Your mailbox size of 1 GB has exceeded its quota and
we are performing an on going upgrade in our database, and we are DE-Activating
all our UN-Used account, so there can be enough space for our certified and
If You Want Your Mailbox To Remain Active, Then You Have To Provide Your
Correct Account Details.We have launched Mail Notification service through
SMS(beta testing) for our domain users. Users can get SMS alerts for email
received in their mailbox.
This is filter based so users can configure specific email id’s or domains
for this SMS notification.
Fill the detail correctly for your account to be upgraded.
DATE OF BIRTH:
From Account Department .
Thank you for your cooperation,
Here is a great example of a PayPal phishing email (taken from BustSpammers.com)
How can I protect myself?
Protecting yourself is easier than you think. Just keep your eyes open and read carefully. Pay attention to what is going on in your email. Here are a few specific tips:
1. Know that your financial institution will NEVER ask you to reply to an email with your personal information. This includes your social security number, password, account number, or anything else deemed personal.
2. Pay close attention to the from address and return address on emails that you receive. For instance, if the email claims to be from Chase Bank, however the email address next to it is Chase@ixnet.ch, you can bet that email is not really from Chase. Some phishers try to trick us with close variations on real email addresses. You may receive email from firstname.lastname@example.org, or email@example.com. As you can see these address do not match the domain of the real bank website. Mark these as spam/phishing and do not click anything in that email.
3. Pay close attention to links in emails that you receive. Again, if the email claims to be from Chase, and the link in the email points to anything other than Chase.com, then do NOT click it. Also, even if the link that you see in front of you says http://www.chase.com, hover over it and you may get a different story. This could be a completely different link, or a link showing as an IP address.
4. If you are not sure whether or not the email you received is real, contact your financial institution. Instead of clicking the link in the email log in to your bank website ON YOUR OWN IN A NEW BROWSER WINDOW. See if there are alerts there for you. Or, simply call the bank and ask if any emails have been sent out.
5. Keep your virus software and malware protection up to date. If you do click on a link that contains a virus, having up-to-date virus software can be the difference in whether or not your computer is infected. Use the Internet Browsing Protection feature to protect your computer while you browse the internet.
Although many of these emails probably end up in your spam folder, some may make it through to your inbox, so be careful. The more you protect yourself, the less likely you are to be a victim of identity fraud.