How do criminals get your e-mail address? E-mail addresses can be obtained from many publicly available sources such as company web pages and advertisements or through randomly generated lists.
Phishing, a form of social engineering, has become more sophisticated since its emergence in the early 1990s. At that time, phishing e-mail typically could be spotted easily by numerous typos, grammatical errors or even the absence of the misrepresented institution’s logo from the e-mail.
While phishing is a type of e-mail fraud, it is by no means the only type. Never send payment information via e-mail. Make sure your online vendor uses encryption technologies that will prevent others from accessing your private data.
Beware of e-mails from unfamiliar addresses or persons, especially if they contain attachments. Delete the e-mail right away. Do not attempt to “unsubscribe” from an e-mail advertisement or solicitation. This will alert the sender that your e-mail address is active.
-Threats: "If you don't respond to this email within "x" hours/days, your account will be closed"
-Request to verify account information: "Click on the link to verify your account"
-Generic greeting or no greeting: "Dear Customer"
-Misspelled words: "Your online banking account will be innactive"
-Awkwardly written sentences: "Your account has been placed on restricted status. To lift up this restriction"
-Link to website is phony: http://www.this-is-your-bank.com/ - hover your mouse over the link and you will see this website address:http://www.youwerefooled.com
However, don’t depend on today’s phishers to give themselves away through relatively unsophisticated missteps such as these.
The Nigerian scam, also known as the Advance Fee fraud, typically involves an e-mail (or letter or fax) from a wealthy foreigner who needs help moving millions of dollars from his homeland and promises a hefty percentage of this fortune as a reward for assisting him. The Nigerian Scam or 419 Scam tricks people at an average cost of more than $5000 per victim, according to one FBI report. In the end, the victim will have sent potentially thousands of dollars of their own money to a scammer and will never see a dime of their money back. Anytime you are exposed to this type of scam you should report it to the FBI immediately.
What would you do in these scenarios?
Your bank sends you an e-mail telling you that it suspects an unauthorized transaction on your account. You are instructed to click on a link to verify your identity. Should you click on the link?
You’re logged on to your computer and a pop-up message suddenly appears from your Internet service provider (ISP) prompting you to click on a link to update or verify your account information. What should you do?
You receive an e-mail from the Federal Trade Commission informing you that a client has filed a complaint accusing you of fraud. It instructs you to open an attachment to view the actual complaint. Is this a legitimate e-mail?
No legitimate company or government agency will ever ask you to provide your login or password, or to verify account information. Some phishing e-mails will threaten a dire consequence if you don’t respond. If you’re concerned about your account, contact the purported sender directly using a phone number or web address you know is genuine. If you want to go one step further, forward the email to firstname.lastname@example.org. Close pop-up ads by clicking the “X” in the upper-right corner of the ad.