Financial institutions will NOT ask you for
personal information by email
Have you been a victim of an internet scam of any type? Please contact us with any information you may have.
We have all gotten those pesky emails from what appears
to be a legitimate bank telling us that our account information
needs to be updated. The email will provide a link telling
us that we need to click through, sign into our account,
and update. This is called "phishing", which is an
attempt to get you to respond with personal information — like
fishing with bait on a hook.
Here is an example of a fake email sent to me just this morning. It claims to be from Paypal telling me that my account has been suspended. First off, if I have any doubt, I will go directly to the Paypal website and login. Notice that there is a "Login" link on this email. First of all, Paypal (or any legitimate bank for that matter) would NEVER ask you to click a link in an email and login at the resulting login page. In the email here, that is exactly what the crooks are trying to do.
Tip: Never use Western Union to pay for online purchases or for an advance fee loan.
Login Buttons and Phony Website Destinations
In this screenshot, we have placed the cursor (hand) over
the "Log In" link. When you do this (called "mousing
over" the link), it displays the link destination
in the address bar at the very bottom of the browser. Look
at the address displayed. It is fake and does not indicate
Paypal. That is an indicator that this is a fraud since
Paypal's website is paypal.com. We also want to mention
here that more and more phishers are starting to use similar
domains to make you think that it is legit. For example,
they may use something that looks similar to Paypal's website
address, with a slight variation that may be difficult
to detect. So, under no circumstances should you click
in" buttons inside an email sent to you,
regardless of how similar it looks to the real website
or it's domains. Once you attempt to login, and
you enter your information, it gets sent to the crooks.
They then know your login at Paypal or your bank.
Figure 1: Snapshot of a fake email phishing for Paypal login information. Email subject line: Your account has been temporarily suspended.
Poor Grammar and Spelling
Notice in the following example how they
make the mouse-over URL look more serious (with "security" in
it). Don't fall for it. Do not click on it. Here, they
try to convince you that your billing information needs
to be updated. The phishers have not even made the effort
to get the grammar correct, though they are normally quite
meticulous about making sure it looks authentic. Don't
assume that if an email is perfect, in appearance, grammar,
letterhead, etc, that it is legit.
Figure 2: Snapshot of a fake email phishing for Paypal login information. Email subject line: You're Billing Information (of course this is poor grammar -- it should be "Your Billing Information", not "You're" which means "You are".
When In Doubt, Don't Click!
If you get an e-mail asking for your account information
to update the "company
records," do NOT reply and do
not click on any of the links. If you
do accidently click a link, do not try
to login (if the link takes you to a login
page -- even if it looks professional). That login
page is the phishing lure. When you type in your
login and password, the phishers will assume that
is the login and password to the account you thought
you were accessing. They then have all of your
account information at their disposal.
Figure 3: Snapshot of a fake email phishing for Chase Bank log in information. Email subject line: Please restore your account.
Notice that our cursor (hand) is hovering
over the chase.com link. But the visible
link that shown is just visible text. It doesn't
necessarily say anything about where the link is actually
taking you. With the cursor hovering, you can see the REAL
destination in the bottom of the browser. This should be
suspicious from the beginning, as it is NOT a Chase domain
or IP. Furthermore, you should already know based on previous
examples that you should simply delete this email and not
fail victim to its somewhat-convincing message.
Remember, If you need to work in your bank account, just go directly to their website using the published URL/domain, by typing it directly into your browser. You can then login to your accounts and see that everything is most likely just fine. Had you logged in at the fake URL in the email, the phishers would now have your Chase account login information to use along with your personally-identifying information. Whew.
Do not click on any links in an email sent by someone you don't know
If you accidentally click an link in a website, do not enter a requested username or password (even if it looks legit) on an apparent "login" page. This is true for anything that looks like it is from a bank, credit card company, AOL, Paypal, and social networks such as Facebook or Myspace.
Close the email and click "delete"
If you have any doubt that your bank account needs "updating", just go directly to their website and login; never do this from an email link no matter how convincing or real it seems.
Some of this is redundant, but it is worth mentioning again!
delete the any emails that seem to encourage you to click a link, or login to an account. If you have to update
your account information for an online service that you
use, always do it through the master corporate web site, never via an e-mail link. If you have any concern that the email may have been legitimate, simply close the email, and go directly to the bank/creditor website. Or, call the bank and speak to a representative. It is better to be safe than sorry when it comes to your credit.
Legitimate financial institutions will never send
e-mails to customer asking for passwords, credit
card numbers, or sensitive account information. When your
bank sends you an email, the message will
have a header at the top with your first name, last name,
and the last four digits of your account number, but they
will never ask
you to type personal information into a pop-up window
nor will they send you an email asking you to verify your
account information online. Again, just go straight to
the corporate website by entering the address directly
into the browser and sign in there to make any modifications
or view your account activity.
also of a call from a company’s “help
desk agent” seeking your logon and password to
fix a problem on your system. No legitimate company
would ask you for this kind of information this way.
There are several computer viruses that
can hide in computer software and destroy computer
resources. Make sure your computer is protected from
viruses and trojans by using a reputable program. Scan
your harddrive routinely to check for malicious attacks.
As always, delete e-mail messages from people you don’t
know and avoid surfing to inappropriate websites.
Do not install software on your home systems that you have
not specifically requested yourself from a reliable source.
Keys to recognizing malicious e-mail messages are spelling
and grammar errors as well as what information is requested.
Use your common sense, and avoid opening anything that
America Online has been providing disclaimers for years that
AOL representatives will never ask you for your username (AIM).
This rule of thumb should also be applied to banks and creditors.
No legitimate bank will EVER send you an email asking you to
sign in and update records via a link in the email. You can always
go straight to their website and update your account information
Maybe we have gone over board here, but we are trying to grab your attention to this rapidly growing problem. So many people naively click links inside emails and give away their account information. You can go along way toward protecting your identity by using
some common sense.
Disclaimer: We have built this resource with great care and expertise. We try to keep the articles current and up-to-date, but this isn't always possible given the ever-changing financial and lending markets. As such, DirectLendingSolutions.com provides no guarantees, and NO WARRANTY, expressed or implied, for the accuracy of any information provided, or its applicability to your financial situation. We strongly suggest that you consult your own financial advisor to determine the best course of action for your financial situation.