What is it about the estate laws in Nigeria that makes it so difficult for princes to retrieve their millions in inheritance? We’ve all received that hoax email from someone who needs your help in recovering millions in a bank account. One of the more common forms of hoax email is the “phishing” scheme. Phishing is when an email sender tries to trick the recipient into thinking the message is from someone else. The message may ask you to “update,” “validate,” or “confirm” your account information. Phishing emails typically attempt to trick people into revealing financial data, or direct you to spoofed sites or to phone numbers where you are asked to provide personal data.
The consequences of falling prey to a phishing scam can be devastating. Scammers potentially gain access to your credit card, social security number, bank account, password or personal information. Your data is traded on the black market and, in a worst case scenario, you end up becoming the victim of identity theft. Some creative scammers even use your data to defraud others of greater amounts of money. In one scenario, a scammer will gain access to your account information on an auction site such as eBay. Trading in your name, they sell a fake item worth thousands of dollars. A buyer bites and you’re left explaining why you don’t know anything about it.
It’s estimated that over 100 million phishing e-mails are sent ... every day! Losses are estimated at over $1 billion a year.
What does a phishing scam look like?
A phishing scam can take many forms. The scam is traditionally spread through email and might appear to come from a financial institution, a company you regularly do business with, an ecommerce site such as eBay or PayPal, or a social networking site. Phishing emails often include official company logos and can look convincingly like they come from legitimate websites.
The following is an example of what a phishing scam in an e-mail message (as displayed on an informational page on the Microsoft website) might look like.
Note that the graphic header is the actual logo taken from the real company’s website. The email includes a masked link to a fake website. The text of the link appears to be from the actual company’s website, but if you place your mouse pointer above the link (rest it above - do not click the link) it reveals that the real address is actually a totally bogus site (220.127.116.11 ...). Scammers will sometimes also use addresses that contain minor alterations of the real company’s name (e.g. wellsfagro.com) in the hope that you don’t notice. In either case, clicking on the link will take you to a spoofed site that attempts to have you submit your personal information.
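The hover check described above can also be done mechanically on a message's HTML. The following is an added example, not part of the original article: it flags links whose visible text names one site while the real address points elsewhere, links to bare numeric addresses, and near-miss spellings such as wellsfagro.com. The site list, the sample message, the function names and the 0.85 similarity threshold are all assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlparse

KNOWN_SITES = ["ebay.com", "paypal.com", "wellsfargo.com"]  # assumed allow-list

# Constructed sample message body (192.0.2.10 is a documentation-only address).
SAMPLE = """<p>Please confirm your account information:</p>
<a href="http://192.0.2.10/login">https://www.wellsfargo.com/confirm</a>
<a href="http://www.wellsfagro.com/update">Update your account</a>
<a href="https://www.paypal.com/signin">www.paypal.com</a>"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def site(host):
    """Last two labels of a hostname; an approximation, no public-suffix list."""
    return ".".join(host.lower().split(".")[-2:])

def check_links(html):
    """Return [(href, [reasons])] for links a reader should not trust."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        host = urlparse(href).hostname or ""
        shown = re.search(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", text, re.I)
        # Dotted-quad IPv4 only; other numeric forms are not covered here.
        reasons = ["ip-literal"] if re.fullmatch(r"\d+(\.\d+){3}", host) else []
        if shown and site(shown.group(0)) != site(host):
            reasons.append("text-href-mismatch")
        reasons += ["lookalike:" + s for s in KNOWN_SITES if site(host) != s
                    and SequenceMatcher(None, site(host), s).ratio() >= 0.85]
        if reasons:
            findings.append((href, reasons))
    return findings
```

Calling `check_links(SAMPLE)` reports the first two links and leaves the genuine PayPal link alone.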
There are several steps you can take to help protect yourself against phishing scams:
1. Don’t respond to emails that ask for personal, financial or account information. They are almost always scams.
2. Mouse over links in the email and read the pop-up that displays the actual address. See if it looks genuine or not (then don’t click it anyway…).
3. Use anti-virus software and keep it up to date.
4. Never, ever email sensitive personal information. Even if you are sending it to a legitimate source, it will likely sit in somebody’s Inbox for a period of time where it can be read or stolen.
5. Check your bank and credit card statements for any unusual charges.
6. If you are using a Windows computer, upgrade your web browser to either Internet Explorer 7 or later or Firefox 3 or later. Both contain a phishing filter that warns you if you are about to enter a site that appears to be spoofed.
And just when you thought it was safe to go back in the water…
“Smishing” is the growing practice of sending phishing scams via SMS text messaging. Email filters have become more proficient at recognizing and blocking phishing schemes. This has pushed scammers to search for alternative digital delivery methods for their spoofed messages. SMS texts avoid filters normally associated with emails. Very few SMS messages are blocked and it can be difficult to determine if a message is real. Smishing text messages will prompt you to call a phone number. When you call, a phony operator will ask for your personal or financial information in order to complete some bogus financial transaction or account change.
The solution here is crystal clear. No legitimate company or financial institution will send you a text message asking you to call them and submit personal information. Do not reply. It’s that simple.