The Internet provides the perfect playground for scam artists, and by using the same principle as spammers, they figure that if they try a scam on enough people, sooner or later, someone will take the bait.
In some cases, spam is actually used for the scam. One of the newest scams to make the news is phishing. In this scam, you are sent a very official-looking e-mail from what you think is your bank or credit card company. A short note describes the "bank's" concern about identity theft and asks you to click a link so that they can confirm your account number. The link takes you to a very convincing website, complete with the company's logo and trademarks and, in some cases, a 1-800 number. The site is bogus, however, and is operated by the actual identity thieves. The 1-800 number goes to them as well, so if you call, everything seems legitimate. Figure 16-2 shows an example of a phishing e-mail (assuming that Pangea National Bank is an actual bank). Take a look at how official this looks and reads. However, clicking on the web link provided sends you to a website in China.
Figure 16-2 Sample Phishing E-Mail
Rest assured that any bank or credit card company that you deal with knows what your account number is. It is their business to know it, especially if you hold a balance on your credit card. If you get an e-mail like the one just described, you should immediately do these things:
- Report the scam to the Federal Trade Commission—Forward the e-mail you received to firstname.lastname@example.org and identify that you believe it to be a phishing scam.
- Call your credit card company to notify them of the scam—Use the phone number on the back of your credit card or the one printed on your monthly bill, not the one in the text of the e-mail or on the scam page.
- Notify your ISP—You can reach most ISPs by sending an e-mail to the abuse reporting address for your domain. For example, if you subscribe to EarthLink, the e-mail would be email@example.com. There will usually be a fraud alert link on the provider's main page as well.
As always, think before you act when it comes to giving out your personal information or responding to official-looking e-mails. Phishing scams do not necessarily have to involve money; the target could just as easily be your e-mail account itself. To spammers and hackers, even an e-mail account is of value. Educate your friends, family, and strangers on the street about what you have just learned.
Phishing Scam Example
- You receive a fraudulent e-mail posing as your credit-card company or an e-commerce site that has your credit-card information. Your real credit-card company is not involved at all, but the scam site and e-mail look legitimate.
- A link to a fraudulent imposter website is provided in the e-mail.
- You enter your credit-card number.
- The thief now has your credit card to use online.
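The steps above hinge on a link that does not lead where the e-mail claims. As an added illustration (not from the original text), the following Python check flags links in an HTML e-mail whose visible text names one host while the link goes to another, or that leave the claimed sender's domain. The `.example` domains, the sample message, and the function names are constructed for this example, and because the From header can be forged the result is a heuristic, not proof of legitimacy.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample: the bank name is the page's, the .example domains are placeholders.
SAMPLE = """\
From: Pangea National Bank <security@pangeabank.example>
Content-Type: text/html; charset="utf-8"

<html><body><p>We are concerned about identity theft. Confirm your account:
<a href="http://accounts.verify-login.example/confirm">https://www.pangeabank.example/confirm</a></p>
<p><a href="https://www.pangeabank.example/help">Help center</a></p></body></html>
"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a href=...> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    return (urlsplit(url).hostname or "").lower()

def suspicious_links(raw_message):
    """Return (href, reason) for web links that do not stay on the claimed sender's domain."""
    msg = message_from_string(raw_message)  # assumes a single-part HTML body
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    parser = LinkCollector()
    parser.feed(msg.get_payload(decode=True).decode("utf-8", "replace"))
    findings = []
    for href, text in parser.links:
        target = host_of(href)
        shown = host_of(text) if "://" in text else ""
        if shown and shown != target:
            findings.append((href, f"text shows {shown} but link goes to {target}"))
        elif target and target != domain and not target.endswith("." + domain):
            findings.append((href, f"link leaves claimed sender domain {domain}"))
    return findings
```

Run on `SAMPLE`, only the "confirm" link is reported; the help link, which stays on the sender's domain, is not.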
The urban legend e-mail is also a popular Internet scam. An urban legend is one of those amazing or scary stories—you know, like the one about the couple that went to lover's lane and then found the bloody hook of the one-armed mass murderer on the passenger-side door.
If you get an e-mail about an incredible story, amazing opportunity, or terrible injustice that compels you to copy everyone in your address book: Don't do it! To our knowledge, terrorists are not buying UPS uniforms, Bill Gates is not giving away stock or money, there is no top-secret Neiman Marcus cookie recipe, and no one—not one person—has ever been slipped a mickey in his drink and then woken up in a hotel bathtub filled with ice, missing one of his kidneys.
Although some of these stories are amusing, they are nearly always false. To avoid annoying your friends, family, and colleagues, and to save yourself some embarrassment, check out the facts first. There are a number of sites that debunk these claims. http://www.scambusters.org covers urban legends, e-mail scams, and a lot more. http://www.scopes.com is also a winner. Take a quick look there before you forward that "Warning to All" e-mail.