I received an email last week that I thought looked a bit suspicious- and it reminded me of how important it is to be vigilant to protect yourself against phishing scams.
The email looked like it came from EBay and it claimed that there had been some suspicious activity on my account. It had a link for me to click on that would take me to my account to look into the supposed ‘unusual’ activity. Luckily, I knew right away that it was a scam- simply because I don’t have an EBay account! However, it was so cleverly done – the email looked so realistic that it would have been very easy to fall for it.
This wasn’t the first time I’ve received a suspicious email. In fact, just last fall I received a similar letter from Target claiming that my credit card had been a part of the whole credit card scam- and in order to make it right I needed to click on the link in the email. Yet again, I knew it wasn’t real since I hadn’t used a credit card at Target.
These days the criminals are getting more and more sophisticated- and it would be easy to fall for one of their tricks. By providing a link in the text of their message they are hoping that you will click on the link which will most likely install spyware on your computer. By using spyware, the criminal is now able to see what you type on your computer. They then watch and wait for you to log on to your banking website and enter your user name and passcode. As soon as they have this information, they can now get into your account or steal your identity.
Even Microsoft had a similar case with a fake message pretending to be from the security division of the company! In the email they ask the user to log in to verify their account- and before you know it, you have just given out your personal information!
So what to do?
The best advice is to never click on a link from an email, no matter who sends it. If there really is suspicious activity on your account- either go directly to the website and log into your account or call the company directly. When you go to the website, look at the web address and make sure that it is a https site (as opposed to http). This ensures extra steps have been taken to make it a secure site. Lastly, never respond to a spam email – even if all you are doing is asking to be removed from the distribution list. By responding, you are confirming that it is an active account- which gives the phisher information about you.
Other important tips* to keep your computer and information secure:
Make sure you are protected with an anti-spyware software such as Webroot, Zone Alarm, Ad-Aware.
Updates! Keep your computer up to date with your anti-spyware and operating system (Windows, OS X).
Scans! Your anti-spyware software will do scans on your system. Your first reaction may be to cancel the scan if you’re working on your computer. STOP! Don’t cancel that scan. Save what you’re working on and take a break from your computer. By doing this your computer has a chance to find a spyware that might have gotten past the protection. You may also schedule scans to occur at times when you are not using your computer, such as the middle of the night. NEVER disable your scan settings!
Lastly, be careful where you surf, what you download and what attachments in e-mails you view.
* Tips from Vermont Government Information Security website