Recognizing Fraudulent Emails (“Phishing scams”)

 

   Recently, one of the largest threats on the Internet is the practice of “Phishing.”  In this, a scammer will send Emails posing as well known Internet sites in an attempt to steal passwords, financial, and personal information.  This tutorial shows an example of “phishing,” and how to recognize it.

 

 

1) The first step is to be suspicious of any unexpected Email “from” online commerce sites, especially those claiming changes to your account, even if you do have an account with that site.  This especially includes messages received at Email addresses not used for an account, and sites that you do not have an account with.

 

 

Several things will appear to be legitimate. in this case, the scammer has 1) spoofed an Email address of PayPal, and 2) created hyperlinks that appear to go to the legitimate site and 3) used the style of actual Emails from the site, including the signature and a “Protect Your Password” section (which, ironically details another way to avoid the exact scam attempted here).

 

These are not an exhaustive set of techniques used in “phishing” scams, but are good examples of things to be aware of.

 

2) The main trick of “phishing” is to create hyperlinks that appear to go to the legitimate site.  If you were to click on the links in this Email, you would be sent to a page which has been created to look like PayPal’s.  You should NOT open links in a suspicious Email.  Even if you provide no information on the site, spyware is likely installed on your computer to steal your information in other ways.

 

    One way to identify this as a scam, is to Right-Click on the link, and select Properties.

 

 

3) This shows that although the text in the Email says “PayPal”, the link actually takes you to a completely different site.

 

 

In this case, it is obvious that this is a false site, but not all are quite as clear.

 

4) Know the Website address of any company that would have any sort of private information.  If you are unsure of the company’s Website, use an Internet search engine (such as Google) to find it.

 

 

This example claimed to be from Bank of America.  Here, the scammer has used an address that looks reasonably close to the actual Website (www.bankofamerica.com). In the first example, a user with little knowledge of the company’s actual Website could likely tell that the address was fake, in this case, the user might be fooled into going to the scammer’s Website.

5) Many companies are also trying to protect their customers from fraud attempts. 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

In this example, the scammer used graphics directly from the company’s legitimate Website and Emails.  However, Bank of America has created a method of determining which uses of its graphics are legitimate and providing warnings for those that are not.

 

As an example of how prevalent this scam is, Fraud Watch International had confirmed 43 new “phishing” scams on the day this tutorial was written, and there were 47 new scams on the previous day.

 

Other tips to avoid “phishing” scams include:

 

  • Watch for bad spelling and grammar.  Company proofreaders would not allow spelling mistakes in their Emails, but a careless scammer might.
  • Many companies will address you by your user name in the Email.  The lack of any user name or the use of a generic greeting such as “Dear valued member” should raise suspicion.
  • Companies are not likely to send Emails requiring urgent requests for personal information.
  • Companies are not likely to suspend your account, or place it on hold until you confirm personal information.
  • Never use links in Emails that you have any reason to suspect might be fraudulent.  Always type the address of the legitimate site into your browser when you want to visit the site.
  • When entering personal information, be sure that the site is secure: the Website address should begin with “https” instead of just “http”. Note: This is not a guarantee that the Website is legitimate.
  • Use of Anti-Spam filters can reduce the number of fraudulent Emails received.
  • Use of Anti-Virus and Anti-Spyware software can remove harmful programs installed by scammers.