Beware of Online Phishing Scams
A few days ago I got an official-looking email from PayPal letting me know that my account information needed to be updated. Happy to oblige, I clicked the link and it opened a web page with a form that I could use to update my information. Then my Spidey sense started tingling.
Upon further examination, I realized that this wasn't PayPal's site! It was some scam artist trying to trick me into giving away my credit card information! I was this close to becoming a victim of an online scam known as phishing. I'm posting this in the hopes that it helps educate people about this increasingly popular scam.
Phishing is essentially the act of sending an email that falsely claims to come from an established, legitimate enterprise, in an attempt to scam the user into surrendering private information that will be used for identity theft. It starts with an official-looking email. Here is the email that I received.
Note that the "From" and "Reply-to" addresses all look legitimate. The sender addresses shown in an email cannot be trusted because they are very easy to fake. The logo and language are official-looking enough. They even offer a note for Hotmail users on how to work around the built-in "anti-fraud plug-in." How nice of them. Oftentimes, the email will threaten to cancel your account unless you update your information right away, or tell you that you won a prize that you need to claim. It's all part of the ploy to get your information.
Once you click on the email link, you'll be taken to an official-looking site. Here is a shot of the scam site I almost fell for.
The scam site looks 100% identical to paypal.com's official web site. In this case, though, I noticed that the URL was not pointing to http://paypal.com/, but somewhere else. (See the highlighted section.)
You should know that it is also possible to disguise a link so that it displays an official-looking URL while actually pointing to a scam site. Luckily, that wasn't the case here.
So what can you do to protect yourself from these evil doers?
- Never, ever give your personal information to someone requesting it in an email. Legitimate companies that you want to do business with will never ask for personal information in an email. If you are concerned about your account, open a new web browser and type in their website address instead of clicking on a link in the email, or call them. Be careful. Your Spidey sense should be tingling.
- Don't email or instant message your personal information to anyone. Not even to someone you know. Email and IM are not secure. It is very easy for someone to intercept and read your messages.
- Review your credit card and bank account statements regularly. Report anything that looks suspicious.
- Apply the latest security patches to your computer. Run anti-virus and firewall software. Use a more secure web browser.
If you run across a phishing scam, report it to the legitimate company that is being mimicked and to the Anti-Phishing Working Group, a non-profit group that is trying to eliminate this crud. In the future, you'll see more and more sites trying to counter this threat by providing more secure communication. eBay, for example, is rolling out a private messaging service to customers to make it easier to distinguish official announcements from fraudulent phishing emails. Instead of getting email from them, you'll log into "MyMessages" on their site to read messages about your account.
The threat of online scams is real and growing. A friend of mine had his eBay account hijacked. Someone bought over $1 million worth of merchandise in his name. We're talking planes, cars, you name it. He got things straightened out with eBay and his bank, but not before receiving threats against his family from some of the sellers that had been ripped off.
My intent is not to scare anyone, but to make you aware of the possibilities. You wouldn't hand your credit card to any Joe six-pack on the corner who asks for it, but that doesn't mean you stop eating out. Following these useful tips and using common sense will help keep you safe online.


