Fraud Prevention




How to Avoid Getting "Hooked" by Phishing Schemes

By now, hopefully, you already know that "phishing" is not something you do from a boat on a lazy summer day, and has nothing to do with a rod and reel. It does, however, have one thing in common with that other activity - the use of bait.

Today's computer criminals never have to leave the relative safety of their living rooms. Not only can they rip you off while still wearing their bunny slippers, but they actually get you to send them your most valuable information. How do they do it? They send you an email that looks like it came from your bank, credit union, credit card issuer, or anyone else you may be doing business with online, such as E-Bay or Amazon Books. The return address looks legitimate. The logo and graphics all look appropriate. In fact, many times, the email will be an almost exact copy of the real thing. There will be one major difference between this email and the real thing, however. This email will ask you to "verify" or give up information that the real institution should already have, and therefore would never need to ask you for.

How do they know that you're doing business with a certain bank or merchant? They don't. They're just "phishing."

With today's technology, computer crooks can send literally millions of emails out in a single afternoon. If five percent of the people who are on his list are Amazon customers, for example, that's a total of 250,000 people who may fall for the trick. If only one percent of that group responds to the bogus email, that's 2,500 new and unwitting victims of the criminal's phishing scheme. And that's just one crook's take every day.

What are they after? They want your credit card numbers, your social security number, your logins and passwords, and anything else that can either be sold to other criminals or used in fraudulent transactions. How can you avoid being scammed by phishing schemes? Read and follow the steps listed below and remember: No reputable business will ask you for that sort of information by email.

Here are some of the things to look for if you suspect that an email or web site is part of a phishing scam.
  • Look for signs that the email return address has been "spoofed." Sometimes the return address looks real, but it isn't where the email actually came from.
  • Check to see if the email is actually addressed to you. Just because it is in your in-box doesn't mean they actually used your correct email address.
  • Look to see if the email calls you by name. Most spoof emails begin with "Dear Customer" or some other generic salutation.
  • Many spoofed emails claim that information about you has been lost or must be re-verified. This rarely, if ever, happens in real life.
  • They also attempt to instill a false sense of urgency by telling you that if you do not comply within a certain time limit, you'll lose privileges or have to pay a fee of some sort. Claims like "Your account is in jeopardy!" are designed to make you worry about something other than getting ripped off!
  • Never click on links requesting personal information. While the link may lead you to a web site that looks authentic, it may be a spoofed site, meaning it is a clone, made to look like the real thing, but it exists solely to trick you into entering your sensitive information.
  • When you want to visit the web site of a company you regularly do business with, type in the address yourself, or follow a bookmark.
  • Never hesitate to contact the merchant or institution whose name appears on the email to determine if it is real or not. And remember, real businesses do not operate in this fashion. Only criminals do!

    Can you spot the signs of fraud?

    A - - The spoof email may include a forged email address in the "From" line - Some may actually be real email addresses that have been forged.

    B - - Many spoof emails will begin with a general greeting such as "Welcome Valued Customer."

    C - - Claims that files or accounts are being "updated" - Don't worry, it is highly unlikely that we (or any reputable vendor) would lose your account information1

    D - - Urgency. Act now, or you'll lose your access!

    E - - Requesting sensitive information or logins by email.

    F - - While many spoof emails have links included, just remember that these links can be forged too. And the address in the link shown doesn't always display where the link really leads to.