Your bank sends an email. It has the logo and a return email address that is from your bank. The email warns of some problem with security, or your ability to access the account and the email provides a convenient link for you to log in, provide your password and other personal information. The problem is the email IS NOT FROM YOUR BANK.
Common Internet Scams: Most Internet users are familiar with the emails that ask you to keep in confidence an email which purports to offer you a share of millions of dollars from some an estate or a seriously ill person. Often the emails are from foreign countries and contain numerous typographical errors. You are asked to provide personal information, such as social security numbers, mother's maiden name and other identifying information. DON'T DO IT.
Appealing to Greed: In addition to the above scam, beware of the fake lottery win sites. Many small time scammers (but big time takers) will ask for a registration "fee" to secure your win. These scams are illegal but international and difficult to shut down. When one is busted, another surfaces.
Phishing for Dollars: The "phishers" using a much more sophisticated approach, use trade names and logos of banks, internet providers, or other institutions you may have a relationship with to get you to willingly (and unsuspectingly) turn over your personal information to the bad guys. They "bait" the unwary to input information that can be used for identity theft or hacking of your personal accounts such as "Ebay" or "Paypal".
WHAT CAN YOU DO?
EDUCATION: If you have unsophisticated users in the household or family, please discuss these potential scams with them. Children or older adults who may not be as "internet savvy" should be told of these predators on the web. Even if you do not have a relationship with an institution, call the bank or organization and FORWARD the email on to the Fraud or abuse department. Everyone has to play a part in the solution.
Today, I received another "phishing" email from a bank I do not have an account with. I called an 800 number for the bank and was given an email address to forward the email to. I received the following response:
"Thank you for sending us this e-mail. We have already forwarded it to our fraud department for additional investigation. Although the e-mail appears to be from [BANK NAME DELETED], it is not. It has been designed by fraudsters with the intent to trick you into providing private information about yourself and your accounts. This is known as "phishing," and the number of people who fall victim to this scam is unfortunately rising. It is not our practice to: - Send e-mail that requires you to enter personal information directly into the e-mail - Send e-mail threatening to close your account if you do not take the immediate action of providing personal information - Send e-mail asking you to reply by sending personal information You should never reply to, click or enter any information if you receive a suspicious e-mail. We actively investigate each of these attempts and work hard to stop any further unauthorized e-mails from being sent. Although we did not send the e-mail, please know that we regret any inconvenience or concern it may have caused you."
REPORT/Be part of the solution: As above, your name and or email address may have been obtained from a variety of sources. It seems the "phishers" work on volume and often make mistakes as in my case. Even though I am an attorney and have written on this topic, I get between 6-12 fraudulent emails per month. This shows the desperation, arrogance and persistence of these individuals. Just like being part of a "neighborhood watch" we all must be part of a global cyber neighborhood watch and do our part in being observant and reporting such scams.
BEWARE of THE TROJAN HORSE: The saying "Beware of Greeks bearing gifts" can apply to the scam emails. Do not click the links or trust any phone numbers or contact information in the suspicious email. Simply search on line for the official site of the institution. Many have a tab that says "security" or "spoof" and click on the tab to find out where to forward the email. If none is provided, most sites provide a "contact us" tab where you can often find a toll free number to report the problem or obtain the link to the fraud or investigative department.
OFFICIAL HELP: In addition to reporting these matters to the affected organizations and institutions, many state and local law enforcement agencies are setting up "internet crime" departments. If you have been "hacked", had your identity and accounts compromised, do not hesitate in reporting the problem to such authorities.
IRONICALLY, while writing this article, I heard a new email arrive and went and checked. Not surprisingly, I received another email from another bank (which again, I do not bank with) and I am displaying it below:
"Unauthorized Access Notice We recently have determined that different computers have logged on to your Online Banking account and multiple password failures were present before logons.
We now need to re-confirm your account information with us.
If this is not completed by February 3, 2011 we will be forced to suspend your account indefinitely, as it may have been used for fraudulent purposes.
We thank you for your cooperation in this matter."