As we approach the holidays, thoughts of gift-giving and family merriment hopefully fill your mind. Unfortunately, internet scammers’ minds turn instead to darker deeds, like how best to fleece you out of your hard-earned money! Here’s the scoop on one pernicious scam that will likely “go big” this year:
Some afternoon or evening, perhaps while you’re shopping online for holiday gifts, you receive an official looking e-mail labeled “Urgent Action Required” or “Account Reauthorization Required” or even “Your Account has been Compromised.” The message includes the corporate logo of a well-known retailer. Concerned by the compelling title of the e-mail you open it up and find a request for personal information, such as your mailing address, Social Security number or even your credit card number or bank account number. If you fall for this “Phishing” gambit by providing your personal information, you’ll open your credit cards and/or bank accounts to being abused by a scammer! If instead you just click on a link in that compelling e-mail that resembles the address of a major retailer, you may be taken to a look-alike website run by scammers that will pretend to let you make a purchase and then pillage your credit card or bank account.
Here are three keys to avoiding the phishing scam:
- Don’t click on links in e-mails purporting to be from retailers, even major ones!. Instead, just type the retailer’s address (www.amazon.com or www.target.com, for example) into your web browser. That will take you directly to their legitimate, retail sales website.
- When you actually place an internet order, make sure the web address now begins https! This is the secure version of the normal http and indicates that the SSL security protocol is working to create a secure connection between your computer and the legitimate retailer’s system.
- If one of those annoying pop-up boxes opens the moment you reach a legitimate-looking retailer’s website, immediately leave the website! Scammers have learned how to direct victims to legitimate websites but then immediately trigger a pop-up box that attempts to collect your personal information for later abuse.
It’s getting harder and harder to spotscammer e-mails and websites. In past years, grammar in scam e-mails tended to be quite poor and was an easy hallmark to notice. But the scammers have polished their language skills! The scammers have evidently also been attending graphic design and website building classes—some scam sites today very closely resemble a legitimate retailer’s website, to the point of including not only corporate logos but even verbatim copies of privacy notices and other boring-looking legal notices at the bottom of webpages. To repeat, your best defense is to type the retailer’s correct web address into your browser to begin with!
Happy holidays to you, but remember to be wary whenever an e-mail, pop-up or website asks for your personal information. Want to know more? Try going to www.phisihing.org/scams/website-phishing/ or to http://pages.ebay.com/help/account/recognizing-spoof.html