As I went through my e-mail this morning, deleting all the spam one e-mail at a time, I couldn't help but notice the number of "phishing" e-mails I was getting.
Phishing is when someone out there in cyberspace constructs an e-mail to look like it's coming from a legitimate source, usually a bank Web site, when it's not.
Most of the time, these e-mails will tell you that, for one reason or another, you need to confirm your user name and password in order to keep your account open. If you don't, they say you run the risk of having your account closed. They usually will include a link to follow and the page the link brings you to looks exactly like what you would expect were you to go to the actual Web site.
Enter your user name and password, and you can find your account drained in minutes.
So, what is one to do to keep from getting scammed like this? Well, to try to answer this question I'm looking at some of the phishing bait e-mails I have received over the last few months. Yes, for some strange reason I've been collecting them. One recurring theme I see is a sense of urgency. Most of the e-mails will have the original bank or other organization's logo, making it look like it is from a legitimate source, but it will contain an urgent message.
Following are two examples.
Example 1: "In order to be prepared for the smart card upgrade on Visa and MasterCard debit and credit cards and to avoid problems with our ATM services, we have recently introduced additional security measures and upgraded our software. The security upgrade will be effective immediately and requires our customers to update their ATM card information. Please update your information by following the link given below."
This is to generate a sense of urgency. In this case, if you don't follow the link, you run the risk of having your card stop working due to "upgraded software and security measures."
Example 2: "This is your final warning about the safety of your account. If you do not update your billing information your access on will be restricted and the user deleted. The reason to do this might include: a recent change in your personal information like a change of address, submitting invalid information during the initial sign-up process, an inability to accurately verify your selected option of payment due an internal error within their processors. Please update your profile in order to restore your online access."
Then they include a link for you to follow to submit the required information.
If you ever get an e-mail saying an account you have with some institution is in danger of getting cut off unless you update your information online, a bell should go off in your head.
No legitimate institution is going to contact you over e-mail to update your account.
If your account were in jeopardy, you would receive a phone call or postal message, not an e-mail.
Another thing you can do is hold your mouse over the link they want you to click. Don't click it or fill out any information of course, but hold your mouse over the link and see what the actual address is. It may appear in a small tooltip next to the pointer or reveal itself down in the status bar. You will likely see that the address is either a raw IP address or will have your bank name embedded in some other domain name (such as http://your_bank.otherdomain.com), a sure sign of a fake.
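The same hover check can be run over the HTML of a saved message. The script below is an added example, not part of the original column; the trusted domain `yourbank.example`, the brand label `yourbank` and the sample message are constructed assumptions.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumptions: your bank's real domain and brand label (hypothetical values).
TRUSTED_DOMAIN = "yourbank.example"
BRAND = "yourbank"

class LinkCollector(HTMLParser):
    """Collect the real target (href) of every <a> tag, ignoring the visible text."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href") if tag == "a" else None
        if href:
            self.hrefs.append(href)

def check_link(href, trusted=TRUSTED_DOMAIN, brand=BRAND):
    """Return the warning signs named in the column that this link shows."""
    host = (urlsplit(href).hostname or "").lower()
    try:
        ipaddress.ip_address(host)          # parses only if the host is a bare IP
        return ["raw IP address"]
    except ValueError:
        pass
    on_trusted = host == trusted or host.endswith("." + trusted)
    # Ignore "_" and "-" so your_bank / your-bank still match the brand label.
    if brand in host.replace("_", "").replace("-", "") and not on_trusted:
        return ["bank name embedded in another domain"]
    return []

def scan_email(html):
    """Map each link target in an HTML e-mail body to its warning signs."""
    collector = LinkCollector()
    collector.feed(html)
    return {href: check_link(href) for href in collector.hrefs}

# Constructed sample message body, not a real e-mail.
SAMPLE = """
<p>Please update your information by following the link given below.</p>
<a href="http://192.0.2.10/update">https://www.yourbank.example/update</a>
<a href="http://your_bank.otherdomain.com/login">Update now</a>
<a href="https://www.yourbank.example/help">Help</a>
"""

if __name__ == "__main__":
    for href, signs in scan_email(SAMPLE).items():
        print(href, "->", ", ".join(signs) or "neither warning sign")
```

An empty result only means the link shows neither of these two signs; it does not prove the message is legitimate.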
If you have doubts and think the e-mail may actually be legit, pick up the phone and call whoever supposedly sent you the e-mail. But don't call the number in the e-mail they sent; call the number you have in your own account records. At least you know that number is real.
Sean McCarthy fixes computers. He can be reached at (888) 752-9049 or help@ComputeThisOnline.com (no hyphens).