Written by: Jeff Harrelson, Manager of Broadband Services
If an email showed up in your inbox with that said,"Send me your money," what would you do with it? Of course, you would delete it. But, what if that request was hidden? Would you know what to do? Would you even know it was the same request? “So,” you ask, “how can someone disguise that statement?”
Well, they can and they do. And every day people fall for it. This is a very common scam known as PHISHING. It is like fishing where some bait is thrown out in the hope that something bites. In this case it is a practice of electronically requesting personal information such as address, passwords, birthdates, credit card information, social security numbers, or any other information that can identify you. This information can then be used to steal your identity. With this information the perpetrator can cause you all kinds of grief. For example:
- They may use your email address for spam. You could lose your email address, lose your internet service and/or unwillingly spread viruses all over the world.
- They may be able, with surprisingly little information, to access your bank records, medical records, credit card, or other accounts that can cause you substantial financial loss.
- They may use your identity as a front for criminal activity so that once the authorities begin to investigate, you appear to be the criminal and the real criminals are able to vanish into the thin air of technology.
Now that we have touched on the disgust, let’s get back to the disguise. You are being phished if you get an email that appears to be from your Internet Service Provider (ISP) that says:
“You are nearing the size limits of your account. Click here to upgrade now.”
“This email account will be deactivated shortly. Verify your information here.”
Once you click on the link, you will be taken to an official looking form that will ask you “for security” to confirm your password, account number or some other form of identification.
You are also being phished if you get an official looking email that appears to be from your bank, e-bay or other similar online account – yes it will have the logo and everything – and it warns:
“Update to online account information required. Complete activation here.”
“Security alert. Unauthorized access to your account. Click here for details.”
If you click on a legitimate looking link in the email you will go to a website that is set up to look like official but is designed specifically to extract your personal information.
If you get strange requests about your social media account – Facebook, Twitter, LinkedIn, etc., that you didn’t expect, request or otherwise authorize, you are probably being phished.
Websites like FraudWatch International actually publish the exact known messages that are circulating on the internet. But, the best way to avoid being scammed is to educate yourself. Check out the anti-phishing website http://www.apwg.org/resources/overview/avoid-phishing-scams or even the FBI website on common fraud schemes http://www.fbi.gov/scams-safety/fraud.
And just remember a few tips:
- If you didn’t request something, it is suspect.
- Your ISP, bank, credit card company, etc. will NEVER, EVER ask for personal information or passwords in an email.
- If there seems to be typing, spelling, and syntax errors in the message, it shouldn’t be trusted.
- Always call the company that appears to be making the request if you get something that is suspicious.
- If you don’t know what it is – DON’T click on it.
- Keep your virus/malware protection up-to-date
- This scam is not limited to emails – be aware of similar requests by phone, cell phone and regular mail.