Beware of Phishing Scams!
BEWARE of Phishing Scams and Email Fraud!
Recently, a client received a fairly official-looking email from what appeared to be the IRS. Upon closer inspection, it was not from the IRS at all. Instead, it was a bogus notice fraudulently posing as the Internal Revenue Service. Its aim was to acquire Social Security numbers and personal financial information.
NOTE: The IRS does not send email. The IRS will never email you asking for information.
To protect yourself from these email scams, you should understand what they are, what they look like, and what you can do to avoid them.
The following recommendations can minimize your chances of falling victim to an email scam:
- Filter spam by using your email settings.
- Don’t trust unsolicited email.
- Be skeptical of emails with spelling, grammar and punctuation errors.
- Treat email attachments with extreme caution.
- Don’t click on links in email messages.
- Do not reply to emails when you question the authenticity.
- Install antivirus software and keep it up to date.
- Install a personal firewall and keep it up to date.
- Configure your email clients for security.
Many email scams have existed for a long time. In fact, a number of them are merely “recycled” scams that predate the use of email. The FTC has a list of the 12 most common scams (http://www.ftc.gov/opa/1998/07/dozen.shtm). The list includes:
- Bogus business opportunities
- Chain letters
- Work-at-home schemes
- Health and diet scams
- Ways to make easy money
- Free goods and services
- Investment opportunities
- Bulk email schemes
- Cable descrambler kits
- Guaranteed loans or credit
- Holding or transferring foreign currency
Phishing emails can be especially dangerous. While crafted to look as if they have been sent from a legitimate organization, like our client’s fraudulent “IRS” email, these emails attempt to fool you into visiting a bogus web site to either download viruses or reveal personal information.
For instance, an email can be crafted to look like it is from a major bank. It might have an alarming subject line, such as “Problem with Your Account.” The body of the message will claim there is a problem with your bank account and that, in order to validate your account, you must click a link included in the email and complete an online form.
Phishing emails are often sent to hundreds of recipients. Believing the email to be real, some recipients will click the link in the email without noticing that it takes them to a web address that only resembles the address of the real institution. If the email is sent and viewed as HTML, the visible link may be the URL of the institution, but the actual link information coded in the HTML will take the user to the bogus site. For example,
Visible link: http://www.yourbank.com/accounts/
Actual link to bogus site: http://itcare.co.kr/data/yourbank/index.html
A bogus site can look astonishingly real. The site may present an online form asking for information like your account number, your address, your online banking username and password—all the information an attacker needs to steal your identity and raid your bank account.
Carefully examine any email from your banks and other financial institutions. Most have instituted policies against asking for personal or account information in emails, so you should regard any email making such a request with extreme skepticism.
Phishing emails have also been disguised in a number of other ways. Some of the most common phishing emails include the following:
- Fake communications from online payment and auction services, or internet service providers – These emails claim there is a “problem” with your account and request that you access a (bogus) web page to provide personal and account information.
- Fake accusations of violating the Patriot Act – This email purports to be from the Federal Deposit Insurance Corporation (FDIC). It says that the FDIC is refusing to insure your account because of “suspected violations of the USA Patriot Act.” It requests that you provide information through an online form to “verify your identity.” It’s really an attempt to steal your identity.
- Fake requests from an IT Department – These emails attempt to ferret out passwords and other information phishers can use to penetrate your networks and computers.
Be aware that fraudulent activity exists and that you may be a target. Be skeptical of emails that seem out of character for a government agency, bank, or legitimate business. Use caution so that you do not become a victim of a phishing scam.
For further reading: www.ftc.gov