 | |
Banks and Financial Institutions will NOT ask you for information by email...Have you been a victim of an internet scam of any type? Please contact us with any information you may have. We have all gotten those pesky emails from what appears to be a legitimate bank telling us that our account information needs to be updated. The email will provide a link telling us that we need to click through, sign into our account, and update. This is called "phishing", which is an attempt to get you to respond with personal information — like fishing with bait on a hook. Here is an example of a fake email sent to me just this morning. It claims to be from Paypal telling me that my account has been suspended. First off, if I have any doubt, I will go directly to the Paypal website and login. Notice that there is a "Login" link on this email. First of all, Paypal (or any legitimate bank for that matter) would NEVER ask you to click a link in an email and login at the resulting login page. In the email here, that is exactly what the crooks are trying to do. Tip: Never use Western Union to pay for online purchases or for an advance fee loan. In this screenshot, we have placed the cursor (hand) over the "Log In" link. When you do this (called "mousing over" the link), it displays the link destination in the address bar at the very bottom of the browser. Look at the address displayed. It says something like "http://mail.tattoo13.com". That means, the "Log In" link will take you to http://mail.tatoo13.com. That is an indicator that this is a fraud since Paypal's website is paypal.com. That is the domain they always use; not "mail.tattoo13.com". We also want to mention here that more and more phishers are starting to use similar domains to make you think that it is legit. For example, instead of "mail.tattoo13.com", they may use something that looks more real like "www.paypal50.com", which is very similar, but still phony. So, under no circumstances should you click any "log in" links, regardless of how similar it looks to the real website or it's domains. Once you become convinced to login, and you enter your information, it gets sent to the crooks. They then know your login at Paypal or your bank.
Notice in the following example how they make the mouse-over URL look more serious (with "security" in it). Don't fall for it. Do not click on it. Here, they try to convince you that your billing information needs to be updated. The phishers have not even made the effort to get the grammar correct, though they are normally quite meticulous about making sure it looks authentic. Don't assume that if an email is perfect, in appearance, grammar, letterhead, etc, that it is legit.
If you get an e-mail asking for your account information to update the "company records," do NOT reply. And, do not click on any of the links. If you do accidently click a link, do not try to login (if the link takes you to a login page -- even if it looks professional). That login page is the phishing lure. When you type in your login and password, the phishers will assume that is the login and password to the account you thought you were accessing. They then have all of your account information at their disposal.
Notice that our cursor (hand) is hovering over the https://chaseonline.chase.com link. But the visible link that shown is just visible text. It doesn't necessarily say anything about where the link is actually taking you. With the cursor hovering, you can see the REAL destination in the bottom of the browser. Notice the destination URL is something along the lines of http://72.10.41.190/. This should be suspicious from the beginning, as it is NOT a Chase domain or IP. Furthermore, you should already know based on previous examples that you should simply delete this email and not fail victim to it's somewhat convincing message. Remember, If you need to work in your bank account, just go directly to their website using the published URL/domain, by typing it directly into your browser. You can then login to your accounts and see that everything is most likely just fine. Had you logged in at the fake URL in the email, the phishers would now have your Chase account login information to use along with your personally-identifying information. Whew.
Some of this is redundant, but it is worth mentioning again!Simply delete the any emails that seem to encourage you to click a link, or login to an account. If you have to update your account information for an online service that you use, always do it through the master corporate web site, never via an e-mail link. If you have any concern that the email may have been legitimate, simply close the email, and go directly to the bank/creditor website. Or, call the bank and speak to a representative. It is better to be safe than sorry when it comes to your credit. Citibank and other legitimate financial institutions never send customers e-mails asking for passwords, credit card numbers or sensitive account information. When Citibank does email it's customers, the email will have a header at the top with your first name, last name and the last four digits of your account number, but they will never ask you to type personal information into a pop-up window nor will they send you an email asking you to verify your account information online. Again, just go straight to the corporate website and sign in there to make any modifications or view your account activity. Beware also of a call from a company’s “help desk agent” seeking your logon and password to fix a problem on your system. No legitimate company would ask you for this kind of information this way. There are several new viruses and worms — Blackworm, PWSteal, new SOBER variants, and Grew or Nyxem — that can hide in computer software and destroy computer resources. While Information Technology regularly updates virus protections for USPS computers, you should take similar steps to protect your personally owned home systems. As always, delete e-mail messages from people you don’t know and avoid surfing to inappropriate websites. Do not install software on your home systems that you have not specifically requested yourself from a reliable source. Keys to recognizing malicious e-mail are spelling and grammar errors as well as what information is requested. Use your common sense, and avoid opening anything that looks suspicious. America Online has been providing disclaimers for years that AOL representatives will never ask you for your username (AIM). This rule of thumb should also be applied to banks and creditors. No legitimate bank will EVER send you an email asking you to sign in and update records via a link in the email. You can always go straight to their website and update your account information directly. Maybe we have gone over board here, but we are trying to grab your attention to this rapidly growing problem. So many people naively click links inside emails and give away their account information. You can go along way toward protecting your identity by using some common sense. Related Pages in Our Site: Identity Theft Protection | Identity Theft Recovery Additional Information:
Disclaimer: We have built this resource with great care and expertise. We try to keep the articles current and up-to-date, but this isn't always possible given the ever-changing financial and lending markets. As such, DirectLendingSolutions.com provides no guarantees, and NO WARRANTY, expressed or implied, for the accuracy of any information provided, or its applicability to your financial situation. We strongly suggest that you consult your own financial advisor to determine the best course of action for your financial situation. |
