How to Protect Yourself from Phishing Scams

by Bryan Longworth

Have you ever received an e-mail message informing you that your account has been compromised and prompting you to click on a link to log in and verify your information?  Did you respond?  I hope not.  Messages like these come regularly.  Some purport to be eBay, PayPal, a bank, or most recently, the IRS.

These are all examples of a scam tactic called phishing.  Recently, phishing, pronounced “fishing”, has become a huge problem in computing.  According to PCMag.com, phishing “is a scam to steal valuable information such as credit card and social security numbers, user IDs and passwords”  (http://www.pcmag.com/encyclopedia_term/0,2542,t%3Dphishing&i%3D49176,00.asp).

Many of these e-mail messages appear legitimate.  Most use an official-looking e-mail message that may include graphics from the company they claim to represent.  If you click on the e-mail link, you will even go to a page that quite often appears to be the official website of the company.  The page usually has the same layout and color scheme as the real website.  Many of the buttons on the bar will even take you to the real site.  For instance, an eBay phishing site may have the same header as the real eBay site.  The buttons for buy, sell, my eBay, etc. probably do link to those parts of the real eBay site.  But if you confirm the requested information, you will be in a world of trouble.

My dad found this out the hard way.  One day, he received a phishing e-mail that claimed to be from eBay.  The message stated that his account had been compromised and that he needed to log in at once to verify his information.  The e-mail warned that if he didn’t respond quickly his account might be cancelled.  Being an avid eBayer who had built an extensive list of good feedback, he didn’t want to risk having that happen, so he clicked the link, went to the site, confirmed the information, and thought the problem was taken care of.  Nothing could have been further from the truth.  The people running the phishing site took the information my dad had given them to order eBay items using his credit card.  Before he knew what was going on, his eBay account had been cancelled.  Years of good eBay feedback were lost!  He also had to cancel his credit card and e-mail account.  It took him months to clean up the mess.  If he had only listened to A Faster PC radio he could have spared himself a lot of grief.

These types of e-mail are fraudulent and should be deleted rather than responded to.  I don’t know of a single company that has ever lost its customers’ information and e-mailed them to verify that information.  Security experts from eBay, PayPal, Internet service providers, major banks, and the IRS all urge people not to fall prey to these scams.  eBay, PayPal, and the IRS have pages on their websites that describe phishing (or spoofing, as some call it) scams and tell you how you can tell if an e-mail is legitimate or not.  The links are as follows:

PayPal fraudulent e-mail page: https://www.paypal.com/cgi-bin/webscr?cmd=xpt/general/SecuritySpoof-outside
eBay spoof e-mail page: http://pages.ebay.com/securitycenter/stop_spoof_websites.html
IRS phishing protection page: http://www.irs.gov/individuals/article/0,,id=155344,00.html

The eBay and PayPal pages both give examples of phishing scams, complete with screenshots of what some of the messages look like.  All three sites have e-mail links where you can forward messages you believe may be fraudulent.  They can then investigate, shut down fraudulent sites, and prosecute their operators.  Reporting phishing not only helps protect you but also protects other unsuspecting computer users.  eBay even has a toolbar that provides useful features for eBay users and helps protect against fraudulent websites.

The best action to take with these types of e-mails is to report them to the company or organization they purport to represent and to delete them or bounce them back to the sender.  If you think an e-mail may be legitimate, contact the company and see if they requested the information before taking action.  Caution and skepticism here can spare you from identity theft.
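The look-alike page described earlier, whose buttons lead to the real site while the page itself sits somewhere else, can be spotted mechanically.  The Python below is an added example, not part of the original article; the function names, the example.net address, and the sample page are constructed for illustration, and site() uses a simplified "last two labels" rule for domain names.

```python
from collections import Counter
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

def site(url):
    """Last two labels of the host (simplification: ignores suffixes like .co.uk)."""
    host = (urlparse(url).hostname or "").lower()
    return ".".join(host.split(".")[-2:])

class _Scan(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.link_sites = Counter()   # where the buttons and links lead
        self.form_sites = set()       # where typed-in data is submitted
        self.asks_password = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            target = site(urljoin(self.page_url, a["href"]))
            if target:                # skip mailto: and similar non-web links
                self.link_sites[target] += 1
        elif tag == "form":           # empty or relative action posts to the page's own host
            self.form_sites.add(site(urljoin(self.page_url, a.get("action") or "")))
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            self.asks_password = True

def looks_like_clone(page_url, html):
    """True when a login page borrows most of its links from a site it is not part of."""
    scan = _Scan(page_url)
    scan.feed(html)
    if not scan.asks_password or not scan.link_sites:
        return False
    brand, _ = scan.link_sites.most_common(1)[0]
    return brand != site(page_url) and brand not in scan.form_sites

# Constructed sample: real-looking navigation, but the form posts to the page's own host.
FAKE_URL = "http://signin.example.net/ebay/verify.html"
SAMPLE_HTML = """
<a href="http://www.ebay.com/buy">Buy</a> <a href="http://www.ebay.com/sell">Sell</a>
<a href="http://www.ebay.com/my">My eBay</a>
<form action="verify.php" method="post">
  <input type="text" name="user"> <input type="password" name="pass">
</form>
"""

if __name__ == "__main__":
    print(looks_like_clone(FAKE_URL, SAMPLE_HTML))                         # cloned page
    print(looks_like_clone("https://signin.ebay.com/login", SAMPLE_HTML))  # same HTML on the real site
```

This is a heuristic for flagging pages for a closer look, not proof of fraud; a page that merely links heavily to another company and has its own login box would also be flagged.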

Bryan Longworth is the Manager of A Faster PC and the host of A Faster PC radio show, heard Saturdays from 10 – 11 pm on WPSL 1590 AM.