As I went through my email this morning (deleting all the spam one email at a time) I couldn't help but notice the number of "phishing" emails I was receiving.
Phishing is the practice of constructing an email to look like it's coming from a legitimate source (usually a bank Web site) when it's not.
Most of the time, these emails will tell you that (for one reason or another) you need to confirm your user name and password in order to keep your account open. If you don't, they say you run the risk of having your account closed. They usually include a link to follow, and the page the link brings you to looks exactly like what you would expect if you went to the actual (bank's) Web site.
Enter your user name and password, and you can find your account drained in minutes.
So, what is one to do to keep from getting scammed like this? Well, to try to answer this question I'm looking at some of the phishing bait emails I have received over the last few months (yes, for some strange reason I've been collecting them) and one reoccurring theme I see is a sense of urgency. Most of the emails will have the original bank's (or other organization's) logo, making it look like it is from a legitimate source, but it will contain an urgent message.
Following are two examples.
Example 1: "In order to be prepared for the smart card upgrade on Visa and MasterCard debit and credit cards and to avoid problems with our ATM services, we have recently introduced additional security measures and upgraded our software. The security upgrade will be effective immediately and requires our customers to update their ATM card information. Please update your information by following the link given below."
This is to generate a sense of urgency. In this case, if you don't follow the link, you run the risk of having your card stop working due to "upgraded software and security measures."
Example 2: "This is your final warning about the safety of your account. If you do not update your billing information your access on will be restricted and the user deleted. The reason to do this might include: a recent change in your personal information (i.e. change of address), submitting invalid information during the initial sign up process, an inability to accurately verify your selected option of payment due an internal error within their processors. Please update your profile in order to restore your online access."
Then they include a link for you to follow to submit the required information.
If you ever get an email saying an account you have with some institution is in danger of getting cut off unless you update your information online, a bell should go off in your head.
No legitimate institution is going to contact you over email to update your account.
If your account were in jeopardy, you would receive a phone call or postal message, not an email.
Another thing you can do is hold your mouse over the link they want you to click. Don't click it or fill out any information, of course, but hold your mouse over the link and see what the actual address is (it may appear in a little pop-up or reveal itself down in the Status Bar). You will likely see that the address is either a raw IP address (xxx.xxx.xxx.xxx) or has your bank name embedded in some other domain name (such as http://your_bank.otherdomain.com), a sure sign of a fake.
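The same hover check can be run automatically over an email's HTML body. The Python below is an added example, not part of the original column; the brand name `yourbank`, its domain `yourbank.example` and the sample email are constructed for illustration. It goes one step beyond the text by also flagging a link whose visible text shows one address while the link points to another.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit
# Constructed for illustration: brand keyword -> its real domain, and a sample email body.
KNOWN_BRANDS = {"yourbank": "yourbank.example"}
SAMPLE = ('<a href="http://192.0.2.10/update">https://www.yourbank.example/login</a> '
          '<a href="http://your_bank.otherdomain.com/atm">update here</a> '
          '<a href="https://www.yourbank.example/help">Help</a>')

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    return (urlsplit(url).hostname or "").lower()
def check_link(href, text=""):
    """Return the warning signs found for one link."""
    host, signs = host_of(href), []
    try:
        ipaddress.ip_address(host)  # parses only if the host is a raw IP
        signs.append("raw-ip")
    except ValueError:
        pass
    # Flatten separators so "your_bank" and "your-bank" both match "yourbank".
    flat = host.replace("-", "").replace("_", "").replace(".", "")
    for brand, real in KNOWN_BRANDS.items():
        if brand in flat and host != real and not host.endswith("." + real):
            signs.append("brand-in-other-domain")
    shown = host_of(text) if "://" in text else ""
    if shown and shown != host:  # visible address differs from the real target
        signs.append("text-href-mismatch")
    return signs

def scan_email(html):
    collector = LinkCollector()
    collector.feed(html)
    return {href: check_link(href, text) for href, text in collector.links}
```

Calling `scan_email(SAMPLE)` returns a dictionary mapping each link to its warning signs; an empty list means none of the three checks fired.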
If you have doubts and think the email may actually be legit, pick up the phone and call whoever supposedly sent you the email. But don't call the number in the email they sent; call the number you have in your own account records. At least you know that number is real.
Sean McCarthy fixes computers. He can be reached at (888) 752-9049 or help@ComputeThisOnline.com (no hyphens).