I would have never thought in a million years that I would be a victim to fraud. I am not overly
careful, but I am always alert (just ask my son who thought he’d get away with charging $212 on my Visa card). Last Christmas I was the victim of identity theft. A clerk at a cell phone store took my information and went to an Apple Store and basically took over my wireless account. Lesson learned – set up your own phone at home. Do not let the clerk do it for you in the store.
Going through that process I learned, what I thought at the time, was more than I needed to know about fraud, and specifically about phishing. Until today, when someone thought I would buy in to their scam.
What is phishing? Phishing is an attempt to obtain information from you by disguising an email to look like a site you trust. Trust me, they look real. There are logos, and links, and terms used that make it look legit, but if you look closer you can catch some details.
Wikipedia has a thorough description and says this about the cost “According to 3rd Microsoft Computing Safer Index Report released in February 2014, the annual worldwide impact of phishing could be as high as $5 billion.”
What to look for? Is the email addressed to your first and last name? Companies you do business with will only address it to you. Not your email address, not Dear Customer, or VIP. Does the email ask you to click here and enter your password? No legitimate company you do business with will ask you for your password via email. Also, look for poor grammar, frequently misspelled words, etc. The scammers may think they are smart, but many of them don’t use spell check.
How do you protect yourself from phishing? NEVER click a link on an email. Instead, go to your web browser and type in the URL (www.——–.com) yourself.
Here is how the second fraud occurrence I experienced played out. I hope that this helps you protect yourself someday.
I have an item for sale on Craig’s List.
I received an inquiry about the item which asked for my bottom price.
The purchaser said they were interested and stated that they prefer to pay with PayPal.
No problem – yet.
Then, I received this email (check out the red flags).
I did receive an email confirmation, and it does look like it’s from PayPal. The sender is email@example.com, it has their logo, and it has some official looking stuff at the bottom. Still, there are 4 major red flags.
1) It is addressed to my email address. PayPal would address it to my first and last name.
2) It is itemized??? PayPal wouldn’t know what the transaction is.
3) The red print states not to call PayPal because PayPal customer service has no record of the transaction. I am quite sure that PayPal is aware of all of their transactions.
4) It wants you to send replies to PayPal@yahoo.com email instead of @paypal.com. Businesses use their own domain name in their email not yahoo or gmail or hotmail.
Of course I called out the purchaser, but they still think that they can fool me. Here is the second response.
I researched a little more about these type of scams today. They may not only try to get you to click a phony link through an email. They may: ask you to call a number and give your password to identify yourself or send you a text message asking you to verify your identity. Here is a helpful article from Microsoft to learn more
Fraudulent e-mail and Phishing
Note: PayPal has absolutely no involvement in any wrong doing. They have a very informative website to help protect yourself against fraud. They are very secure and I have done business with them for years. Craig’s List is also at no fault. They provide a great service to their clients. They unfortunately were used in this scam.
The saddest part about these scams by far is that there are people who actually fall for them. I totally get falling for actual good scams, but this? The first part is bad enough, and the "FBI ALERT" is just icing on the cake.