Banks and Financial Institutions will NOT ask you for information by email...
Have you been a victim of an internet scam of any type? Please contact us with any information you may have.
We have all gotten those pesky emails from what appears
to be a legitimate bank telling us that our account information
needs to be updated. The email will provide a link telling
us that we need to click through, sign into our account,
and update. This is called "phishing", which is an
attempt to get you to respond with personal information — like
fishing with bait on a hook.
Here is an example of a fake email sent to me just this morning. It claims to be from Paypal telling me that my account has been suspended. First off, if I have any doubt, I will go directly to the Paypal website and login. Notice that there is a "Login" link on this email. First of all, Paypal (or any legitimate bank for that matter) would NEVER ask you to click a link in an email and login at the resulting login page. In the email here, that is exactly what the crooks are trying to do.
Tip: Never use Western Union to pay for online purchases or for an advance fee loan.
In this screenshot, we have placed the cursor (hand) over the "Log In" link. When you do this (called "mousing over" the link), it displays the link destination in the address bar at the very bottom of the browser. Look at the address displayed. It says something like "http://mail.tattoo13.com". That means, the "Log In" link will take you to http://mail.tatoo13.com. That is an indicator that this is a fraud since Paypal's website is paypal.com. That is the domain they always use; not "mail.tattoo13.com". We also want to mention here that more and more phishers are starting to use similar domains to make you think that it is legit. For example, instead of "mail.tattoo13.com", they may use something that looks more real like "www.paypal50.com", which is very similar, but still phony. So, under no circumstances should you click any "log in" links, regardless of how similar it looks to the real website or it's domains. Once you become convinced to login, and you enter your information, it gets sent to the crooks. They then know your login at Paypal or your bank.
Figure 1: Snapshot of a fake email phishing for Paypal login information. Email subject line: Your account has been temporarily suspended.
Notice in the following example how they make the mouse-over URL look more serious (with "security" in it). Don't fall for it. Do not click on it. Here, they try to convince you that your billing information needs to be updated. The phishers have not even made the effort to get the grammar correct, though they are normally quite meticulous about making sure it looks authentic. Don't assume that if an email is perfect, in appearance, grammar, letterhead, etc, that it is legit.
Figure 2: Snapshot of a fake email phishing for Paypal login information. Email subject line: You're Billing Information (of course this is poor grammar -- it should be "Your Billing Information", not "You're" which means "You are".
If you get an e-mail asking for your account information to update the "company
records," do NOT reply. And, do not click on any of the links. If you do accidently click a link, do not try to login (if the link takes you to a login page -- even if it looks professional). That login page is the phishing lure. When you type in your login and password, the phishers will assume that is the login and password to the account you thought you were accessing. They then have all of your account information at their disposal.
Figure 3: Snapshot of a fake email phishing for Chase Bank log in information. Email subject line: Please restore your account.
Notice that our cursor (hand) is hovering over the https://chaseonline.chase.com link. But the visible link that shown is just visible text. It doesn't necessarily say anything about where the link is actually taking you. With the cursor hovering, you can see the REAL destination in the bottom of the browser. Notice the destination URL is something along the lines of http://220.127.116.11/. This should be suspicious from the beginning, as it is NOT a Chase domain or IP. Furthermore, you should already know based on previous examples that you should simply delete this email and not fail victim to it's somewhat convincing message.
Remember, If you need to work in your bank account, just go directly to their website using the published URL/domain, by typing it directly into your browser. You can then login to your accounts and see that everything is most likely just fine. Had you logged in at the fake URL in the email, the phishers would now have your Chase account login information to use along with your personally-identifying information. Whew.
Do not click on any links in an email sent by someone you don't know
If you accidentally click an link in a website, do not enter a requested username or password (even if it looks legit) on an apparent "login" page. This is true for anything that looks like it is from a bank, credit card company, AOL, Paypal, and social networks such as Facebook or Myspace.
Close the email and click "delete"
If you have any doubt that your bank account needs "updating", just go directly to their website and login; never do this from an email link no matter how convincing or real it seems.
Some of this is redundant, but it is worth mentioning again!
delete the any emails that seem to encourage you to click a link, or login to an account. If you have to update
your account information for an online service that you
use, always do it through the master corporate web site, never via an e-mail link. If you have any concern that the email may have been legitimate, simply close the email, and go directly to the bank/creditor website. Or, call the bank and speak to a representative. It is better to be safe than sorry when it comes to your credit.
Citibank and other legitimate financial institutions never send
customers e-mails asking for passwords, credit card numbers or
sensitive account information. When Citibank does email it's customers, the email will have a header at the
top with your first name, last name and the last four digits of your account
number, but they will never ask you to type personal information into a pop-up
window nor will they send you an email asking you to verify your account
information online. Again, just go straight to the corporate website and sign in there to make any modifications or view your account activity.
also of a call from a company’s “help
desk agent” seeking your logon and password to fix
a problem on your system. No legitimate company would ask
you for this kind of information this way. There are several
new viruses and worms — Blackworm,
PWSteal, new SOBER variants, and Grew or Nyxem — that
can hide in computer software and destroy computer resources.
While Information Technology regularly updates virus protections
for USPS computers, you should take similar steps to protect
your personally owned home systems.
As always, delete e-mail messages from people you don’t
know and avoid surfing to inappropriate websites. Do not
install software on your home systems that you have not
specifically requested yourself from a reliable source. Keys
to recognizing malicious e-mail are spelling and grammar errors
as well as what information is requested. Use your common sense,
and avoid opening anything that looks suspicious.
America Online has been providing disclaimers for years that
AOL representatives will never ask you for your username (AIM).
This rule of thumb should also be applied to banks and creditors.
No legitimate bank will EVER send you an email asking you to
sign in and update records via a link in the email. You can always
go straight to their website and update your account information
Maybe we have gone over board here, but we are trying to grab your attention to this rapidly growing problem. So many people naively click links inside emails and give away their account information. You can go along way toward protecting your identity by using
some common sense.
Related Pages in Our Site: Identity Theft Protection | Identity Theft Recovery
Disclaimer: We have built this resource with great care and expertise. We try to keep the articles current and up-to-date, but this isn't always possible given the ever-changing financial and lending markets. As such, DirectLendingSolutions.com provides no guarantees, and NO WARRANTY, expressed or implied, for the accuracy of any information provided, or its applicability to your financial situation. We strongly suggest that you consult your own financial advisor to determine the best course of action for your financial situation.