| A little while ago, a client sent me this message: | | | | or phishing attempt and not be fooled. |
| "Hi. I just received an official looking e-mail from my | | | | - Beware of any e-mails asking for personal |
| small business payment processor that looked | | | | information. Banks and online retailers rarely, if ever, |
| suspicious. It said that the company noticed fraudulent | | | | ask clients to change personal information via a link in |
| activity on my account and wanted me to log-in to | | | | an e-mail. Instead of following the e-mail link, call the |
| verify that the account was mine. For my protection, it | | | | company on the phone or log-in directly by typing the |
| said, the account would be on hold until I verified the | | | | web address into your browser. |
| account. I have a lot of clients paying me online through | | | | - Be wary of any "official" looking e-mail that does not |
| that processor and can't afford to have my account | | | | address you personally. Most spoofed e- mails |
| suspended. I clicked the link in the e-mail. The | | | | address you in general terms, such as Dear Sir or |
| company's homepage and a form popped up asking | | | | Madam, or even by your e-mail user name. Legitimate |
| me to enter my ATM card number, user name, | | | | banks and retailers will have your name on file and |
| password and social security number in order to verify | | | | address you by your first and/or last name. |
| and unlock my account. I was hesitant to put all that | | | | - Always make sure the browser is secure before |
| information in there, so I took another look at the e-mail. | | | | entering personal information. The URL should read |
| The e-mail address sending the e-mail was from my | | | | https:// if it is secure, not http:// |
| payment processor, but there were a lot of spelling | | | | - Check the destination of the URL before you click it. |
| errors in the e-mail. It also said 'Dear Sir.' Usually e-mails | | | | You can do this by running your cursor over the URL. |
| from this company say 'Dear Company Name.' I don't | | | | In most e-mail programs, a little yellow box will pop up |
| know if it's really official, but I don't want to lose my | | | | showing you the destination. Other times you can |
| online payment privileges. What do I do?" | | | | check the left of your browser's status bar. That is the |
| Have any of you received similar e-mails? They | | | | gray bar at the bottom of the web browser. If the |
| appear to be from your bank, payment processor or | | | | URL says anything except: https:// www. ...there is a |
| credit card company, but something always seems | | | | problem. |
| suspicious. Well, you are right to be wary of those | | | | -Do not download suspicious looking attachments. |
| e-mails. The practice of using an "official" looking e-mail | | | | Even if it looks to be from your bank, most likely it is a |
| address to gain client information is called spoofing or | | | | computer virus. |
| phishing. Read on to learn how to protect yourself | | | | If you've received a spoofed e-mail, report it to the real |
| from these fraudulent e-mails. | | | | company. Citibank, for example, has an e-mail address |
| According to the Anti-Phishing Workgroup, a group of | | | | where they accept forwards of all phished e- mails |
| people dedicated to stopping these e-mail scams, | | | | using the Citibank name. |
| "phishing attacks use 'spoofed' e-mails and fraudulent | | | | What if you've already clicked the link and given out |
| websites designed to fool recipients into divulging | | | | your personal information? You could likely be the |
| personal financial data such as credit card numbers, | | | | victim of credit card fraud, bank account theft, or even |
| account usernames and passwords, social security | | | | identity theft. Visit Anti-Phishing.org for some tips on |
| numbers, etc. By hijacking the trusted brands of | | | | what to do if you are in this situation. Overall, be |
| well-known banks, online retailers and credit card | | | | suspicious of any e-mail asking for your personal |
| companies, phishers are able to convince up to 5% of | | | | information. With the appropriate knowledge, you will |
| recipients to respond to them." | | | | not be fooled. |
| With a little knowledge, you can recognize a spoofing | | | | |