How to Fight Phishing & Spoof Email Scams

Do-It-Yourself Tech Privacy / Security

Expect more “phishing” emails

Spoof emails are on the rise, and they are getting trickier.
Several months ago Computers.net
released an article called “10 Ways To
Recognize Fake (Spoof) Emails.” Since then there has been a rapid increase
in the number of “phishing” (pronounced “fishing”) scams, or scams that fool
people into giving credit card numbers and other financial information by email
or over the Internet. Apparently, scammers have figured out that they can con
more people by mimicking companies who do business primarily online, such as PayPal, eBay,
and online banks. These phishing emails are made to look identical to the real
ones, often using the same logos in an attempt to convince recipients that they
are the real thing.

Copycat web sites

Because many
computer users are used to providing credit card information on web sites like
PayPal.com, a growing number of phishing scammers have begun setting up copycat
web sites that often look exactly like the real thing. They then send out mass
emails usually asking people to click on a link and “verify” their accounts,
including usernames, passwords, and credit card information. Many times the
copy cat websites will be set up with very similar names, such as www.payqual.com
or www.paypa1.com (note the number “1” instead of the letter “l” at the end of
the second name).

How to spot a spoof

Here are three easy
signs to help avoid phishing scams.

  1. Generic
    greetings. This is the easiest way to recognize a spoof, scam, or phish
    email. Remember, the scammer does not know your name. For this reason, most
    spoof emails begin with a general greeting, such as: “Dear PayPal
    member.” If you do not see your first and last name, be suspicious and do
    not click on any links or buttons.
  2. False sense of
    urgency. Spoof emails will often come marked “urgent” or with an
    exclamation mark. Some will claim your account has been misused to alarm you. The
    idea behind this is to rush you into giving up financial information you
    normally wouldn’t. Be suspicious of all emails marked urgent (!), especially
    ones with a generic greeting.
  3. Deceptive email
    links. A link in an email can look like the correct URL of a company and
    link some place totally different. Never log in to PayPal, eBay or any online bank from a link
    in an email.  If it is a legitimate email, you should be
    able to get to the same information by opening a new browser window and typing
    in the company’s URL yourself. Even then, you should only enter your password
    on secure web pages. These begin with “https://.” The “s” in “https” stands for
    “secure.” All legitimate online companies will switch to https:// when you need
    to enter a password or other sensitive information. When viewing a secure web
    page, a padlock graphic should appear in the status bar (usually the lower
    right of your browser window). This combination cannot easily be faked.

Be part of the
solution

With the growing
popularity of eBay and PayPal and online banking, scammers are counting on the
fact that if they email enough people, some of them will respond by innocently
clicking the link in the email. Once username, password, and other account
information is typed in, it is in the hands of the scammer. If caught soon
enough, passwords can be changed, accounts can be closed, and new credit cards
can be issued. But what can be done about the scammers? The best way to help
curb phishing is to warn others about it. It is also a good idea to forward all
suspicious emails to [email protected] (e.g. [email protected]). Companies like
eBay and PayPal have set up a spoof email address as a simple reporting system.
Some will even reply to let you know if the email you forwarded was a spoof or
not. If the email is a spoof, they can then attempt to trace and shut down
phishing web sites.

Leave a Reply

Your email address will not be published. Required fields are marked *