Expect more “phishing” emails
Spoof emails are on the rise, and they are getting trickier.
Several months ago Computers.net
released an article called “10 Ways To
Recognize Fake (Spoof) Emails.” Since then there has been a rapid increase
in the number of “phishing” (pronounced “fishing”) scams, or scams that fool
people into giving credit card numbers and other financial information by email
or over the Internet. Apparently, scammers have figured out that they can con
more people by mimicking companies who do business primarily online, such as PayPal, eBay,
and online banks. These phishing emails are made to look identical to the real
ones, often using the same logos in an attempt to convince recipients that they
are the real thing.
Copycat web sites
Because many
computer users are used to providing credit card information on web sites like
PayPal.com, a growing number of phishing scammers have begun setting up copycat
web sites that often look exactly like the real thing. They then send out mass
emails usually asking people to click on a link and “verify” their accounts,
including usernames, passwords, and credit card information. Many times the
copy cat websites will be set up with very similar names, such as www.payqual.com
or www.paypa1.com (note the number “1” instead of the letter “l” at the end of
the second name).
How to spot a spoof
Here are three easy
signs to help avoid phishing scams.
- Generic
greetings. This is the easiest way to recognize a spoof, scam, or phish
email. Remember, the scammer does not know your name. For this reason, most
spoof emails begin with a general greeting, such as: “Dear PayPal
member.” If you do not see your first and last name, be suspicious and do
not click on any links or buttons. - False sense of
urgency. Spoof emails will often come marked “urgent” or with an
exclamation mark. Some will claim your account has been misused to alarm you. The
idea behind this is to rush you into giving up financial information you
normally wouldn’t. Be suspicious of all emails marked urgent (!), especially
ones with a generic greeting. - Deceptive email
links. A link in an email can look like the correct URL of a company and
link some place totally different. Never log in to PayPal, eBay or any online bank from a link
in an email. If it is a legitimate email, you should be
able to get to the same information by opening a new browser window and typing
in the company’s URL yourself. Even then, you should only enter your password
on secure web pages. These begin with “https://.” The “s” in “https” stands for
“secure.” All legitimate online companies will switch to https:// when you need
to enter a password or other sensitive information. When viewing a secure web
page, a padlock graphic should appear in the status bar (usually the lower
right of your browser window). This combination cannot easily be faked.
Be part of the
solution
With the growing
popularity of eBay and PayPal and online banking, scammers are counting on the
fact that if they email enough people, some of them will respond by innocently
clicking the link in the email. Once username, password, and other account
information is typed in, it is in the hands of the scammer. If caught soon
enough, passwords can be changed, accounts can be closed, and new credit cards
can be issued. But what can be done about the scammers? The best way to help
curb phishing is to warn others about it. It is also a good idea to forward all
suspicious emails to [email protected] (e.g. [email protected]). Companies like
eBay and PayPal have set up a spoof email address as a simple reporting system.
Some will even reply to let you know if the email you forwarded was a spoof or
not. If the email is a spoof, they can then attempt to trace and shut down
phishing web sites.