Happy Fraud Season
Friday, November 27, 2009 23:58
Well, we have had a good Thanksgiving meal, and most everyone has headed off to bed, so it is now time for me to get down to writing this article. Yesterday I received an e-mail from a friend stating she was out of the country visiting a friend that was ill. Her friend was in need of surgery, and they were trying to recruit a surgeon from Israel and were in need of $2800 to pay for this necessary surgery. First, I was suspicious that this was a fraudulent e-mail because I had just seen the person and knew that she had no plans of heading out of the country. Secondly, the e-mail requested $2800, which is a very small amount for a surgery, especially since the e-mail had an urgency about it leading the reader to believe that it may be a matter of life and death. The return e-mail was also suspicious because the return address was a generic Yahoo e-mail address.
With Thanksgiving almost done and the Christmas shopping officially starting, this time of year is what I call “fraud season.” This particular e-mail requested money straight out and therefore would not be considered a phishing e-mail, but it was definitely sent by a fraudster. Phishing is a method used by criminals to trick people into revealing sensitive information that can be used to gain access to online accounts or to steal your identity. The criminal usually uses e-mail for this type of fraud and tries to make it seem like it is coming from a legitimate business. Since there are a number of different tactics that can be used in phishing attacks, I would recommend you read the other articles I have written regarding phishing attacks. You can find the articles here:
Do I Need My Boat To Go Phishing?
7 Signs it May be a Phishing E-Mail
In the above-mentioned e-mail there was not any request for sensitive information, but there were signs that it was a fraudulent e-mail from the first moment I started reading it. How can you get good at identifying fraudulent or phishing e-mails? Here are some typical signs that an e-mail could be a phishing e-mail:
- Spelling and grammar errors are often in a phishing or fraudulent e-mail. This is not always the case so it is not a foolproof method of identifying such e-mails.
- Like the above e-mail, most fraudulent e-mails have an urgent tone to them and almost always request information that most legitimate companies would usually never request via e-mail. Also, legitimate companies do not request customers to confirm user names and passwords via e-mail.
- Most criminals use e-mail addresses that are similar to the business they are faking. Always double-check the sender information. Also, the sender's address often ends in something other than .com, etc. Since many phishing e-mails come from somewhere outside the United States, look to see if the e-mail address ends in a foreign country code.
- In some cases, the e-mail address may be hidden and just show a name without the complete e-mail address. Usually hitting “reply all” on an e-mail can reveal the true e-mail address of the sender. As always, if you are unsure, go to the business’s website, find their contact information, and contact the company using that information.
- Most criminals make the e-mails generic and do not use specifics. Real companies that you have an account with usually use your name and include part of your account number in the e-mail to show they are who they say they are. A prepaid cellphone that we have does that every time they contact us via e-mail. They use the name we used to sign up for the account as well as include a portion of the account number in the e-mail. If they already have your account information, there is no reason they should be asking for it and especially not via e-mail.
- Inspect the links used in the e-mail to see if they appear to be legitimate. You can see more detail regarding the link by putting your mouse over the link and looking at the real web address which is usually located in the bottom left of most web browsers. Also, be aware that some criminals try to hide the website address they are sending you to by using URL shortening services.
- If you do use the link in an e-mail, do not be fooled if the website looks like the company’s website. Some of the fake websites are hard to distinguish from the real ones, and some actually take you to the real website of the business but use a phishing pop-up window on top of the real website. Never use this type of pop-up window. On most legitimate sites, the user would have to click on the log-in button or something similar before a login pop-up window appears. If you are unsure whether a site is legitimate, type in the site address or use a search engine to go to the real business website. Log in from there or contact the business using their website contact information.
These are seven signs that an e-mail may be a phishing e-mail or sent from a fraudster. Have a great holiday season and Christmas, but do be careful and protect yourself and your business by being aware and suspicious. If you have other ways that you have used to identify a phishing e-mail or an e-mail sent by a fraudster, leave a comment below or send me a message using the contact form located on my about page.