Friday, August 15, 2014

How to Detect Email Fraud, Phishing Basics

I would have never thought in a million years that I would be a victim of fraud.  I am not overly careful, but I am always alert (just ask my son who thought he'd get away with charging $212 on my Visa card).  Last Christmas I was the victim of identity theft.  A clerk at a cell phone store took my information and went to an Apple Store and basically took over my wireless account.  Lesson learned - set up your own phone at home.  Do not let the clerk do it for you in the store.

Going through that process, I learned what I thought at the time was more than I needed to know about fraud, and specifically about phishing.  Until today, when someone thought I would buy into their scam.

What is phishing?  Phishing is an attempt to obtain information from you by disguising an email to look like it came from a company or site you trust.  Trust me, they look real.  There are logos, and links, and terms used that make it look legit, but if you look closer you can catch some details.



Wikipedia has a thorough description and says this about the cost: "According to 3rd Microsoft Computing Safer Index Report released in February 2014, the annual worldwide impact of phishing could be as high as $5 billion."

What to look for?  Is the email addressed to your first and last name?  Companies you do business with will only address it to you.  Not your email address, not Dear Customer, or VIP.  Does the email ask you to click here and enter your password?  No legitimate company you do business with will ask you for your password via email.  Also, look for poor grammar, frequently misspelled words, etc.  The scammers may think they are smart, but many of them don't use spell check.

How do you protect yourself from phishing?  NEVER click a link in an email.  Instead, go to your web browser and type in the URL (www.--------.com) yourself.

Here is how the second fraud occurrence I experienced played out.  I hope that this helps you protect yourself someday.

I have an item for sale on Craig's List.
I received an inquiry about the item which asked for my bottom price.
The purchaser said they were interested and stated that they prefer to pay with PayPal.
No problem - yet.
Then, I received this email (check out the red flags).

No customer is going to coach the seller to look for a confirmation email - flag #1.  No purchaser is going to send $1,000 more than the asking price for delivery - flag #2.  The claim that PayPal will not release the funds until you initiate a Western Union transaction - flag #3.  The final flag is somewhat cut off, but people don't use agents to purchase from Craig's List and certainly not one from out of state.

I did receive an email confirmation, and it does look like it's from PayPal.  The sender is service@paypal.com, it has their logo, and it has some official-looking stuff at the bottom.  Still, there are 4 major red flags.

1)  It is addressed to my email address.  PayPal would address it to my first and last name.
2)  It is itemized??? PayPal wouldn't know what the transaction is.
3) The red print states not to call PayPal because PayPal customer service has no record of the transaction.  I am quite sure that PayPal is aware of all of their transactions.
4)  It wants you to send replies to a PayPal@yahoo.com email address instead of one @paypal.com.  Businesses use their own domain name in their email, not Yahoo or Gmail or Hotmail.
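
The red flags listed above can also be checked by a program. The following is an added example, not part of the original post: it scans a raw email for the greeting, reply-address, "do not call" and Western Union flags, and it ignores how genuine the From line looks because that line can be forged. The function names, the sample message and the example.com address are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

FREEMAIL = {"yahoo.com", "gmail.com", "hotmail.com"}  # the free webmail domains named in the post
ADDR = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")   # captures the domain of an address in text
CHECKS = {  # label -> pattern run over the message body
    "greeting-not-by-name": re.compile(r"^\s*(dear|hello|hi),?\s+(customer|vip|\S+@\S+)", re.I | re.M),
    "asks-for-password": re.compile(r"\b(enter|confirm|verify|send)\b.{0,40}\bpassword", re.I),
    "wire-transfer-demand": re.compile(r"western\s+union|wire\s+transfer", re.I),
    "told-not-to-call-company": re.compile(r"do\s+not\s+(call|contact)", re.I),
}

def domain_of(header_value):
    """Lower-cased domain of an address header, '' when the header is absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def body_text(msg):
    """Concatenate every text/plain part of the message."""
    parts = [p for p in msg.walk() if p.get_content_type() == "text/plain"]
    return "\n".join(p.get_payload(decode=True).decode("utf-8", "replace") for p in parts)

def red_flags(raw_message):
    """Return the sorted red-flag labels found in one raw email message."""
    msg = message_from_string(raw_message)
    text = body_text(msg)
    # Domains that are expected to appear: the claimed sender and the recipient.
    expected = {"", domain_of(msg["From"]), domain_of(msg["To"])}
    # Where replies would go: the Reply-To header plus any address written in the body.
    reply_domains = {d.lower() for d in ADDR.findall(text)} | {domain_of(msg["Reply-To"])}
    reply_domains -= expected
    flags = {label for label, rx in CHECKS.items() if rx.search(text)}
    if reply_domains:
        flags.add("reply-address-off-domain")
    if reply_domains & FREEMAIL:
        flags.add("reply-address-on-free-webmail")
    return sorted(flags)

# Constructed sample modelled on the fake confirmation described in the post.
PHISH = """\
From: "PayPal" <service@paypal.com>
To: seller@example.com
Subject: You have received a payment

Dear seller@example.com,

A payment is pending. Funds are released once you send the Western Union
receipt to PayPal@yahoo.com. Do not call customer service about this.
"""
print(red_flags(PHISH))
```

A message that trips none of these checks is not proven safe; the checks only automate the flags described in this post.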

Of course I called out the purchaser, but they still think that they can fool me.  Here is the second response.
As you can see, they are still attempting to get me to Western Union them money.

This is where the story goes from annoying to hilarious.  Again, I called the bogus purchaser out for fraud and now they resort to threats.  If I don't send them money in the next 3 hours the FBI will visit my home address.  Funny, they still don't know my name.  The sender is again service@paypal.com.  Check out the grammar and misuse of capitalization in this message.  Even the attorney's last name is short a capital 'F'.  And what is none response?  There was none, but I think they meant non-response.  These crooks could be good, if only . . . .



I researched a little more about these types of scams today.  They may not only try to get you to click a phony link through an email.  They may ask you to call a number and give your password to identify yourself, or send you a text message asking you to verify your identity.  Here is a helpful article from Microsoft to learn more: Fraudulent e-mail and Phishing

Note:  PayPal has absolutely no involvement in any wrongdoing.  They have a very informative website to help protect yourself against fraud.  They are very secure and I have done business with them for years.  Craig's List is also not at fault.  They provide a great service to their clients.  They unfortunately were used in this scam.

1 comment:

  1. The saddest part about these scams by far is that there are people who actually fall for them. I totally get falling for actual good scams, but this? The first part is bad enough, and the "FBI ALERT" is just icing on the cake.
