As the holidays approach, more and more of us will be doing our shopping online this year - and you should be informed of the latest web scams so that you can avoid joining the growing number of people duped by a new breed of con artists. Because there is so much to write about this subject, I will break it up into a multi-part article - so be sure to check back and read the other parts!
Don’t Go Phishing
I wanted to cover this topic first because phishing is on the rise and more and more people are falling victim to it. As the holidays get closer you’ll no doubt receive more and more emails from online retailers advertising their latest and greatest sale. However, not all of those emails are legitimate.
Phishing is the practice of sending emails that look exactly like legitimate emails from companies you do business with every day. Some of the most popular include eBay, PayPal, Washington Mutual, Bank of America, etc. “Phishers” create an email with the company’s logo and contact information on it so that you won’t know the difference. These emails typically ask you to confirm your account information because [insert any number of excuses]. The email will also contain some link or button for you to click so that you can visit the website and update your information. However, those links and buttons actually take you to a website that looks exactly like the one you intended to visit - but instead of logging you in to your account, the website records your username and password so that the “Phisher” can visit the legitimate site later and use your account information to steal from you.
So the question is: how do you know if an email is legitimate or not? Here are a few of the major signs to look for:
- Misspelled words - because phishers are most likely foreigners there might be simple and obvious spelling mistakes. But Wells Fargo would never send an email to you with spelling mistakes, would they?
- Fake URLs - before clicking on a link or button, look at the bottom of your browser or email program to see where the link is going to take you. Look for legitimate addresses like “chase.com”. Avoid links that look like this: “http://www.signin/chaseb.com/12332%?pasd”.
- Reason for the email - think about what the email is about and ask yourself if a company would contact you in that way. For example, if your account has been compromised, do you think your bank would contact you through email to “CONCERNED CUSTOMER”? More likely they would call you and let you know of any problems.
- Know the company - you have probably received emails from eBay before, so ask yourself if this one looks similar. Has eBay ever asked you to log in from an email before? Also, if you don’t even know the company that is emailing you, then stay away!
Although these are a few tell-tale signs of phishing emails, the problem is that these signs are not foolproof. Sometimes you’ll receive a legitimate email that links to “http://www.wellsfargo1.com” that would raise a red flag in your mind. And phishers are becoming more sophisticated as well. Oftentimes they are able to hide those URLs so the link you’re clicking looks legitimate but it really isn’t. So here are some tips on how to protect yourself from having your credit card or bank information stolen from you - with your permission!
- NEVER CLICK ON EMAIL LINKS - I can’t really emphasize this one enough. If you receive an email from your bank asking you to log in and confirm information, open up your web browser and go to the site yourself - do not click on the link in your email! I know that there are some emails that legitimately include links so it’s easier for you to get to the company’s website - but in this case it pays to be safe. Avoid links like the money-stealing plague.
- Invest in Antivirus Software - And by “invest” I mean go out and spend some actual cash. The $30 that an antivirus suite will set you back pales in comparison to what you lose if your bank account gets hijacked and you’re out $5,000!
- Keep Spyware in Check - This time, you don’t even need to spend a cent. Some of the best anti-spyware software out there is completely free! Check out Cnet’s Spyware Center to read about and download the latest anti-spyware programs.
- Keep Software Updated - You’ve heard it a million times, but I’m going to say it again. Be sure to keep your software updated - everything from Windows to Norton Antivirus. Those update pop-ups that might seem annoying are really the best thing you can do for your computer to keep it protected from viruses and other infections that might result from clicking on a phishing email.
- Be Smart - It’s simple to say, but just exercise common sense when reading emails and browsing the internet. If something looks suspicious then stay away!
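The “Fake URLs” sign and the hidden-link trick described above can both be checked mechanically. The Python below is an added example, not part of the original article: it lists every link in an HTML email whose real destination is not a site you trust, or whose visible text names a different site than the one it goes to. The TRUSTED list and the sample email are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"chase.com", "ebay.com", "paypal.com"}  # assumption: sites you really use
# Constructed sample email body; the first href is the bad link quoted in the article.
SAMPLE = ('<a href="http://www.signin/chaseb.com/12332%?pasd">www.chase.com</a>'
          '<a href="https://www.chase.com/">Chase home page</a>'
          '<a href="http://login.example.net/chase.com/">Sign in</a>')

def host_of(url):
    """Hostname a browser would connect to for url (lower-cased), or ''."""
    try:
        return (urlsplit(url if "//" in url else "//" + url).hostname or "").lower()
    except ValueError:  # malformed host such as an unclosed IPv6 bracket
        return ""

def is_trusted(host):
    return any(host == d or host.endswith("." + d) for d in TRUSTED)  # exact or subdomain

class LinkAudit(HTMLParser):
    """Collect (href, visible text) for every <a href=...> in an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        self._text.append(data)  # reset at each <a>, read at </a>
    def handle_endtag(self, tag):
        if tag == "a" and self._href:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def audit(html):
    """Return (href, reasons) for each link that deserves suspicion."""
    parser = LinkAudit()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        real, reasons = host_of(href), []
        shown = host_of(text) if "." in text and " " not in text else ""
        if not is_trusted(real):
            reasons.append(f"destination {real!r} is not a trusted domain")
        if shown and shown.removeprefix("www.") != real.removeprefix("www."):
            reasons.append(f"text shows {shown!r} but link goes to {real!r}")
        if reasons:
            findings.append((href, reasons))
    return findings
```

Running audit(SAMPLE) flags the first and third links: the host is whatever sits between “//” and the first “/”, so “chaseb.com” or “chase.com” appearing later in the path means nothing.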
If you think you’re ready, take the “Phishing IQ Test” yourself to see if you can spot a fake email. You’ll see some actual phishing emails and some additional tips on spotting - and avoiding - these types of emails. Also check out these sites for additional reading:
- Anti-Phishing Working Group
- FTC Consumer Report - How Not to Get Hooked by a “Phishing” Scam
- Computer World Report on Phishing
Be sure to come back to check out PART 2: Online Credit Card Safety 101.






